DDoS  wake-up  call  Last  week's  attack  against 

the  'Net's  root  servers  could  have  been  worse.  PAGE  12. 


Reverse  spin? 


Novell  is  said  to  be  considering  repatriating 


Volera,  the  struggling  caching  company  it  spun  ofFtwo  years  ago.  PAGE  14. 
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Microsoft  positions 
Office  as  .Net  client 


Nortel  finally  set 
for  VoIP  charge 


■  BY  JOHN  FONTANA 

REDMOND,  WASH.  —  Network 
executives  last  week  got  a  first 
glimpse  at  Microsoft’s  plans  to 
transform  its  Office  suite  into  an 
all-purpose  network  client  that 
can  be  used  to  interact  with 
back-end  systems  easily 

The  support  for  XML  file  formats 
Microsoft  is  adding  to  Word,  Excel 
and  Access  in  Office  1 1  means 
corporations  would  be  able  to 


use  familiar  Office  applications  to 
share  data  with  a  variety  of  back¬ 
end,  XML-based  data  repositories, 
line-of-business  systems  and 
e-commerce  servers  —  all  with¬ 
out  the  need  for  clunky  middle¬ 
ware  or  integration  software. 

The  idea  is  to  move  users  away 
from  static  text  documents  and 
spreadsheets  and  into  a  world 
where  real-time  data  can  be 
imported  and  exported  from 
See  Office,  page  74 


■  BY  PHIL  HOCHMUTH 

Nortel  this  week  will  release  IP 
telephony  gear  that  promises  to 
scale  the  company’s  voice-over-IP 
support  by  a  factor  of  10  while 
finally  bringing  its  convergence 
portfolio  up  to  speed  with  chief 
rival  Cisco. 

The  company’s  second  version 
of  its  Succession  Communication 
Server  for  Enterprise  (CSE) 
1000  IP  PBX  will  support  1,000  IP 
phone  users  on  a  server,  and  up 
to  10,000  IP  phones  on  a  cluster 
of  10  servers.  Also  being  intro¬ 
duced  is  a  version  of  Nortel’s 


VPN  prices  decline  and 
vendors  look  beyond 

standards.  Page  51 

Cisco  and  Check  Point 
earn  top  honors  in  IPSec 

vpNt^  ^52 

Pricing  VPNs  for  100  to 

10,000  users.  Page  54 

IPSec  VPN  alternatives. 

Page  56 


CallPilot  unified  messaging  sys¬ 
tem  and  a  power-over-Ethernet 
LAN  switch  —  the  BayStack  460- 
24T-PRW 

These  products  are  aimed  at 
companies  looking  to  move  to  IP 
telephony  but  unwilling  to  give 
up  the  reliability  and  features  of  a 
traditional  PBX  system,  the  com¬ 
pany  says. 

“Scaling  up  the  CSE  1000  is 
really  a  significant  move  for 
Nortel,” says  Brian  Riggs,  a  senior 
analyst  with  Current  Analysis. 
“They  have  really  struggled  in  the 
past  couple  of  years  to  be  com¬ 
petitive  in  terms  of  scalability 
and  functionality  with  other 
packet  PBX  companies.  Nortel 
should  be  a  powerhouse  in 
See  Nortel,  page  18 


■  BY  PHIL  HOCHMUTH  AND 
TIM  GREENE 

If  you’re  seriously  considering 
making  the  voice-over-IP 
plunge,  you  no 
doubt  have 
loads  of  ques¬ 
tions  ranging 
from  the  technical  to  the  finan¬ 
cial  to  the  political. 

Can  VoIP  traffic  traverse  fire¬ 
walls?  Can  it  really  save  us 
money?  What  is  the  best  way  to 
get  IT  and  telecom  staffs  to  work 


The  playing  field 

Nortel  has  some  catching  up 
to  do  in  converged  IP  networks. 
2001  LAN  switch  port  revenue 


2001  worldwide  IP  PBX  revenue 

Total  revenue:  $881.8  million 


together? 

In  wrapping  up  our  series  on 
convergence,  we’ve  taken  a 
crack  at  answering  a  few  of  those 
questions. 

Can  my  LAN 
handle  VoIP? 

IP  telephony 
works  best  on  LANs  running 
switched  10/100M  bit/sec  Ether¬ 
net  to  the  desktop  and  switched 
Gigabit  Ethernet  in  the  backbone 
If  you’re  still  connecting  desktops 
See  Convergence,  page  20 


Answers  to  your 
VoIP  questions 


Last  of  four  parts 
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Security  for  your  existing 
Windows-based  environments 


Microsoft  is  providing  tools,  services,  and 
guidance  to  help  you  get  and  stay  secure 
right  now.  For  example,  tools  such  as 
Microsoft'1  Windows""  Update,  Microsoft 
Software  Update  Services,  and  Microsoft 
Systems  Management  Server  are  helping 
customers  control  and  automate  the 
identification,  collection,  and  application  of 
security  patches  today.  Plus,  our  Security 
Response  Center  is  staffed  seven  days  a 
week  to  investigate  any  reported  security 
vulnerabilities  in  Microsoft  products. 

You  can  also  get  immediate  free  support 
for  virus-related  incidents  on  Microsoft 
products  and  free  prescriptive  guidance  on 
securing  your  Windows  systems. 


I 


Anything  can  happen  to  your  infrastructure.  Make  sure  it’s  secure.  The  evolution  of  the  internet  has 

led  to  increased  security  vulnerabilities  for  any  Internet-enabled  company.  In  this  difficult  and  challenging  environment,  where 

_ can  happen  at  any  moment,  Microsoft  understands  that  you  need  to  keep  your  infrastructure  prepared  for  anything  and 

everything  by  getting  it  secure  and  keeping  it  secure.  Here’s  what  we’re  doing,  along  with  our  industry  partners,  to  help  right  now: 


Partnerships  and  products  to  further 
secure  your  infrastructure  today 


The  Microsoft  Gold  Certified  Partner 
Program  for  Security  Solutions  helps 
you  locate  the  best  providers  of  security 
solutions  for  your  IT  environment.  Microsoft 
Gold  Certified  Partners  for  Security 
Solutions  have  proven  experience,  validated 
by  their  customers,  in  delivering  robust, 
secure  implementations  of  Microsoft 
technologies.  The  technologies  include  key 
infrastructure  security  products  such  as 
Microsoft  Internet  Security  and  Acceleration 
(ISA)  Server  2000,  an  ICSA-certified 
firewall:  Systems  Management  Server  2.0, 
a  management  tool  for  distributing  security 
patches:  and  the  Microsoft  Active  Directory  " 
service,  a  central  repository  for  all  user-  and 
resource-identity  management  information. 


€>  2002  Microsoft  Corporation.  All  rights  reserved.  Microsoft.  Active  Directory,  and  Windows  are  either  registered  trademarks  or  trademarks  of  Microsoft  Corporation  in  the  United  States  and/or  other  countries.  The  names  of  actual  companies  and  products  mentioned  herein  may  be  the  trademarks  of  the  " 
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The  future  of  Microsoft  products: 
designing  and  engineering  for 
maximum  security 

Microsoft  has  implemented  engineering 
standards  and  processes  that  focus  on 
building  greater  security  into  our  products 
during  design  and  development.  Some 
highlights  of  the  new  processes  include: 

•  Creating  stronger  default  policies  on  all 
software,  and  fewer  services  enabled  by 
default,  to  deliver  software  solutions  that 
are  more  secure  by  default 

•  Performing  exhaustive  cross-team 
security  code  reviews  to  help  identify  and 
address  potential  vulnerabilities  before  the 
software  is  released 

•  Developing  and  refreshing  new  threat 
models  to  help  counter  constantly  evolving 

K  security  risks 


“Unisys  security  services ,  partnered  with  Microsoft  products  and  solutions,  provide  our 
customers  with  highly  secure  and  cost-effective  mission-critical  solutions." 


-Sunil  Misra,  Managing  Principal, 
Worldwide  Security  Practice,  Unisys 


For  resource  kits,  webcasts,  and  other  information  that  can  help  you  get  your  network  infrastructure  secure  enough  to  handle _ _  or  even 

a  _ _ _  visit  microsoft.com/enterprise/security  Software  for  the  Agile  Business. 
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The  Network  that  Powers  Wall  Streep u 


1-800-SAVVIS- 1 
www.savvis.net/testimonials 


With  all  the  turmoil  in  the  telecom  industry  today,  it’s  easy  to  feel  like  you’ve  been 
caught  in  the  “perfect  storm.”  You  worry  that  choosing  the  wrong  network  provider 
could  leave  your  company  vulnerable.  Conversely,  you  worry  that  delaying  decision¬ 
making  could  leave  you  behind  the  curve. 

SAVVIS  customers  tell  us  they’re  on  course.  Their  IP  VPN  is  getting  the  job  done 
for  voice  over  IP  (VoIP),  global  video  conferencing,  ERP,  and  more. 

From  Wall  Street  to  Main  Street,  SAVVIS  is  the  financially  sound  choice  for  people 
who  demand  a  proactive  managed  IP  service  provider.  SAVVIS  has  been  delivering 
high  performance  IP  VPN  and  managed  hosting  services  to  financial  institutions, 
professional  services  firms,  and  retail  enterprises  for  years.  And,  SAVVIS  has  one 
of  the  strongest  balance  sheets  in  the  industry. 

Don’t  just  take  our  word  for  it.  Visit  our  web  site  and  discover  what  the  Chicago 
Board  Options  Exchange,  Looksmart,  the  Philadelphia  Stock  Exchange,  RM  Crowe, 
Shearman  &  Sterling,  Fitch  Ratings,  Telezoo  and  so  many  others  have  to  say  about 
working  with  SAVVIS. 


Trust  the  Network  that  Powers  Wall  Street 

to  Empower  your  Business.' 


NetworkWorid 


News 

■  10  Storage  mgmt.,  performance  wares  on  tap  at  show. 

■  12  Distributed  DoS  attack  against  root  servers  highlights 

'Net's  vulnerabilities. 

■  14  Novell  might  reabsorb  caching  spin-off  Volera. 

■  14  Vieo  looks  to  automate  application  management. 

■  16  Sprint’s  Esrey  looks  ahead  to  a  more  level  pricing  field. 

■  18  IBM  improves  autonomic  efforts. 

■  74  Start-ups  key  on  management,  monitoring  of  Web  services. 


Infrastructure 

■  21  Foundry  pushes  copper 
Gigabit  into  midsize  businesses. 

■  21  3Com  knows  jack  — 
Network  Jack. 

■  22  Cisco  buys  Psionic  Software. 

■  22  Sun  increases  blade  power. 

■  22  Brian  Tolly:  Interpreting 
throughput  testing  —  read  the  fine 
print! 

NetWorker 

■  25  Towns  turn  to  optical  technol¬ 
ogy  for  super-fast  communications. 

Enterprise 

Applications 

■  29  Calendaring  standards  gain 
popularity. 

■  29  The  worm  that  ate  the 
Internet? 

■  32  Scott  Bradner:  Does  it 
hurt  to  be  castigated? 

■  34  Special  Focus: 

Security:  Keeping  wireless  LANs 
safe. 

Service  Providers 

■  37  Verizon  enterprise  group 
president  sets  sights  on  AT&T. 

■  37  NTT/Verio  rolls  out  content 
delivery  service. 


The  Edge 

■  43  Redback  CEO  views  industry 
downturn  as  opportunity. 

Technology  Update 

■  45  Network  taps  enable  passive 
monitoring. 

■  45  Steve  Blass:  Ask  Dr 

Internet. 

■  46  Mark  Gibbs:  Become  a 
pivot  table  god. 

■  46  Keith  Shaw:  Cool  tools, 
gizmos  and  other  neat  stuff. 

Opinions 

■  48  Editorial:  Web  Services 
Showdown  to  rock  ComNet. 

■  49  John  Hagel:  Caught  off¬ 
guard  by  Web  services? 

■  49  Winn  Schwartau: 

Becoming  safer  by  spreading  out. 

■  76  BackSpin:  Anything  for  a 
buck. 

■  76  ’Net  Buzz:  Rotten  politics 
a  threat  to  Big  Apple  disaster- 
recovery  planning. 

Management 

■  61  Seeking  security  skills: 
Demand  remains  strong  for  IT  pros 
who  know  how  to  safeguard 
systems. 


■  38  Johna  Till  Johnson: 

More  on  why  the  incumbent  local 
exchange  carriers  are  crying  wolf. 


Sony's  robot  dogs  get  wheels. 
Page  46. 
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Progress  brings  lower  prices  but  standards  remain  weak.  Page  51 
Cisco  and  Check  Point  win  World  Class  Awards  for  IPSec  VPNs.  Page  52 
Price  breakdown  for  100-,  1,000-  and  10,000-user  deployments.  Page  54 
What's  up  with  IPSec  VPN  alternatives.  Page  56 
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More  online!  www.nwfusion.com 

See  a  comparison  of  115  VPN  products  and  services  from  more  than  50  vendors  in  our  Buyer's  Guide.  DocFinder  2828. 
See  what  data  you  should  request  from  your  vendor  when  issuing  your  VPN  RFP  with  our  RFP  list.  DocFinder:  2852. 

Get  the  details  on  how  we  tested  the  remote  access  VPN  products.  DocFinder  2826. 
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 Interactive 

The  pro-Ogg  Vorbis  movement 

Ogg  Vorbis  might  sound  like  a  Star  Trek  villain,  but  it's  really  an  open 
source  competitor  to  MP3.  When  Cool  Tools  author  Keith  Shaw  wrote 
about  a  Sony  device  that  supports  most  everything  but  Ogg  Vorbis, 
open  source  fans  went  berserk.  See  what  all  the  hubbub  is  about. 

DocFinder:  2840 


Columnists 

Compendium 

New  spamming  technique 

Fusion  Executive  Editor  Adam  Gaffin  alerts  you  to  a  new  type 
of  spamming  aimed  at  Webmasters  who  obsess  over  their 
site's  referral  logs. 

DocFinder:  2857 


The  Secure  Enterprise 

Security  on  your  mind?  Ease  your  fears  with  our  special  report,  The 
Secure  Enterprise,  which  offers  advice  for  locking  down  your  network. 
Get  tips  for  handling  patch  management,  vulnerability  warnings  and 
security  device  management.  DocFinder:  2841 

Forum:  In  the  defense  of  FastNets 

Gearhead  columnist  Mark  Gibbs  didn't  like  the  power  switch  and  the  firm 
jumps  in  to  defend  it.  Check  out  Gibbs'  critique  and  add  your  thoughts. 

DocFinder:  2842 

Seminars  and  Events 

Convergence  is  a  go 

Voice  and  data  finally  can  be  converged  on  the  only  network  that  mat¬ 
ters:  yours.  Come  to  our  Tech  Update:  “VoIP:  The  Right  Time  for  a 
Rollout"  and  find  out  how  to  start  a  VoIP  implementation  today. 

DocFinder:  2645 

■  CONTACT  US  NetworkWorid,  118Turnpike  Road,  Southborough, 
MA  01772;  Phone:  (508)  460-3333;  Fax:  (508)  490-6438; 

E-mail:  nwnews@nww.com;  STAFF:  See  the  masthead  on  page  16 
for  more  contact  information.  REPRINTS:  (717)  399-1900 

I' 

SUBSCRIPTIONS/CHANGE  OF  ADDRESS:  Phone:  (508)  490-6444; 
Fax:  (508)  490-6400;  E-mail:  nwcirc@nww.com; 

URL:  www.subscribenw.com 


Help  Desk 

Preparing  for  the  A+/Net+ 

Columnist  Ron  Nutter  helps  a  user  who's  wondering  if  he 
needs  to  bother  with  official  A+/Net+  classes  when  he  says 
he  knows  enough  to  ace  the  test  and  move  on  to  his 
Microsoft  Certified  Systems  Engineer  work. 

DocFinder:  2844 

SOHO  Tech 

KVM  switches  make  a  comeback 

To  save  space,  time  and  money,  columnist  James  Gaskin 

says  these  little  wonders  can't  be  beat. 

DocFinder:  2845 

View  from  the  Edge 

Convergence:  Are  we  there  yet? 

The  Edge  Managing  Editor  Jim  Duffy  ponders  the  state  of 
convergence  after  at  least  seven  years  of  hype. 

DocFinder:  2846 

What  is  DocFinder? 

We’ve  made  it  easy  to  access  articles  and 
resources  online.  Simply  enter  the  four-digit 
DocFinder  number  in  the  search  box  on  the 
home  page,  and  you’ll  jump  directly  to  the 
requested  information. 
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News 


Microsoft  relents,  issues  XP  patch 

■  Microsoft  has  responded  to  criticism  from  users  and 
issued  a  software  patch  for  a  major  security  vulnerability  in 
the  Windows  XP  operating  system,  reversing  an  earlier  deci¬ 
sion  to  require  users  to  upgrade  to  XP  Service  Pack  1  to 
remove  the  vulnerability  The  security  hole  exists  in  the  XP 
Help  and  Support  Center  and  affects  the  Microsoft  Windows 
XP  Home  Edition,  Professional  and  64-Bit  Edition  operating 
systems,  according  to  Microsoft. Taking  advantage  of  a  code 
flaw  for  a  feature  that  sends  information  on  new  hardware  to 
Microsoft,  an  attacker  could  remotely  access  a  vulnerable 
machine  from  a  Web  page  or  a  link  in  an  e-mail  formatted  in 
HTML.  Soon  after  the  discovery  of  the  vulnerability  Microsoft 
issued  XP  Service  Pack  1,  which  patched  the  vulnerability 
and  also  a  number  of  other  security  holes  in  the  XP  operat¬ 
ing  system. 
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■  Hit-Good  ie  Bad  ie  Ugly 


Second  thoughts.  Rep.  Howard  Berman  (D-Calif.)  apparently 
has  heard  the  countless  critics  of  his  legislation  that  would  empower 
copyright  owners  to  hack  into  peer-to-peer  networks  as  a  defensive 
measure.  A  spokesman  for  Berman  said  last  week  that  the  lawmaker 
will  rework  his  proposal  before  filing  it  again  in  the  next  Congress. 
Not  filing  it  again  would  be  better,  but  progress  is  progress. 

Lucent's  losses  mount  The  telecom  equipment 
maker  posted  its  10th  consecutive  quarterly  loss  last  week, 
this  time  $2.8  billion.  If  anyone’s  looking  for  a  silver  lining, 
the  company  lost  $8.8  billion  in  the  same  quarter  last  year. 

Lucent  stock  still  was  trading  at  less  than  a  buck  late  last  week. 

Paper  jams  are  nothing.  Electronics  maker  Brother 
International  is  recalling  about  100,000  business  printers 
after  receiving  reports  that  two  had  caught  fire.  Sold 
between  June  1997  and  December  2000,  the 
recalled  printers  are  model  numbers  HL- 
1040,  HL-1050  and  HL-1060,  plus  the 
MFC-P200  multifunction  device.  > 
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Fiorina  sees  limited  growth  in  2003 

■  Hewlett-Packard  is  bracing  for  another  rough  year  in  2003  when  it  comes  to  IT  spend¬ 
ing.  CEO  Carly  Fiorina  last  week  told  analysts  the  company  expects  single-digit  growth 
in  IT  spending  next  year.  In  the  longer  term,  Fiorina  said  she  expects  growth  rates  of  less 
than  10%  for  the  industry1*!  am  talking  about  the  economy  because  clearly  the  economy 
is  a  huge  pressure  on  the  IT  industry  she  said.“It  is  clear  that  economics  are  driving  the 
slowdown  in  IT  spending.”The  HP  chief  criticized  other  CEOs  for  overspending  on  tech¬ 
nology  in  the  last  decade.  The  executives  were  caught  up  in  trying  to  find  the  fastest 
servers  and  best  software.“Most  CEOs  know  they  overspent  on  technology  in  the  1990s,” 
Fiorina  said. “They  spent  on  hot  boxes  and  killer  apps.” 

Dorman  sees  opportunity  in  doldrums 

■  AT&T  President  David  Dorman  hopes  the  slumping  telecom  industry  will  turn 
around,  but  until  it  does,  he  said  AT&T  isn’t  shy  about  taking  advantage  of  opportunities 
where  it  sees  fit.  Dorman,  one  of  several  telecom  industry  officials  who  spoke  last  week 
at  The  Yankee  Group  s  Telecom  Industry  Forum,  compared  AT&T’s  situation  with  that  of 
the  U.S.and  the  Soviet  Union  in  the  1980s.“It’s  a  bit  like  in  the  Reagan  era  at  the  end  of 
the  Cold  War  when  the  United  States  was  able  to  invest  in  armaments  at  a  level  the 
Soviet  Union  couldn’t  keep  up  with  . . .  bringing  an  end  to  the  Cold  War,"  Dorman  said. 
“We  find  that  the  nearest  competitors  are  forced  to  cut  back  and  disinvest.” 


COMPENDIUM 

Not  out  to  kill  Outlook  (yet) 

Mitcb  Kapor,  the  founder  of  Lotus,  says  his  new,  open  source  messaging  and  collabo¬ 
rator!  application  is  not  designed  to  take  down  Microsoft  Outlook.  The  new  app,  code- 
■  red  Chandler  (as  in  the  detective,  not  the  “Friends"  character)  is  aimed  at  small 
ar  c  i  dsize  companies  that  can’t  afford  Exchange  servers,  he  says.  But  he  adds,  if 
Chandler  takes  off  like  Linux,  who  knows? 

Read  more  at:  www.nwfnsion.com,  DocFinder:  2851. 


Should  have  seen  it  coming 

■  Start-up  Premonitia,  an  Acton,  Mass.,  fault-management  company  that  boasted  net¬ 
work  industry  icon  Paul  Severino  as  its  chairman,  has  closed  up  shop  (www.nwfusion 
.com,  DocFinder:  2855). “The  challenges  of  maturing  our  technology  for  the  diversity 
and  rigors  of  production  IP  networks  were  deeper  than  our  research,  and  therefore  we 
have  discontinued  efforts  to  commercialize  the  technology  says  Peter  Vicars,  who  was 
CEO  of  the  company,  which  was  founded  last  year  on  $3.2  million  in  seed  financing. 
“Maybe  we  will  find  a  partner  with  deeper  research  pockets  where  [our]  algorithms  will 
be  evolved  and  adapted  in  the  future  for  the  benefit  of  the  industry 

Palm  to  unveil  Tungsten  products 

■  Palm  today  is  expected  to  unveil  the  first  handhelds  of  its  recently  announced 
Tungsten  product  line,  which  is  aimed  at  the  enterprise  market.  For  enterprise  users, 
Palm  is  finally  introducing  the  Palm  OS  5.0,  rewritten  for  powerful  32-bit  RISC  micro¬ 
processors,  such  as  Texas  Instruments'  175-MHz  OMAP1015  ARM  chip, along  with  aTexas 
Instruments  digital  signal  processor.  The  combination  of  chip,  operating  system  and  a 
Secure  Digital  format  expansion  slot  will  let  Tungsten  devices  handle  bigger  applica¬ 
tions,  more  data  and  integrated  wireless  communications  options.The  devices  also  will 
have  better  graphics  and  multimedia  features  than  the  current  devices  based  on  Palm 
OS  4.1.  Palm  is  expected  to  show  two  Tungsten  devices:  a  high-end  device  focused  on 
handheld  applications;  and  a  GSM/General  Packet  Radio  Service  smartphone.  Palm  has 
kept  quiet  about  pricing.  Users  are  speculating  that  the  devices  could  be  about  $500. 

Online  responses  lacking,  study  finds 

■  A  new  study  has  found  that  not  only  do  many  Fortune  100  companies  lag  in  respond¬ 
ing  to  general  online  inquiries,  37%  do  not  reply  at  all.  Conducted  by  Customer  Respect, 
com, a  division  of  International  Ventures  Research,  the  study  rated  Fortune  100  companies’ 
overall  online  “customer  respect.”  based  on  factors  such  as  privacy,  principles,  attitude, 
transparency, simplicity  and  responsiveness  that  consumers  encounter  at  the  companies’ 
sites.The  companies  performed  the  lowest  in  responsiveness, garnering  a  4.8  rating  out  of 
10.  Forty-one  percent  of  the  companies  replied  to  inquiries  within  48  hours,  while  just  9% 
received  a  perfect  score  in  responsiveness.  PG&E  and  Ford  ranked  among  the  worst  in 
terms  of  responsiveness,  while  Freddie  Mac,  Costco  and  Verizon  rated  among  the  best. 


(©server 


Winning  with  Linux®  and  Intel?  Online  diversified  financial  services  company  E*TRADE  Group,  Inc.,  has  just 
installed  90  IBM  (©server  xSeries™  servers  running  Linux  to  support  their  E*TRADE  Financial  Web  site. 
Why?  Ease  of  use  and  Linux  driven  affordability  and  scalability.  Select  xSeries  models  feature  the  Intel  Xeon™ 
processor  to  give  you  superior  performance  and  cost-effectiveness. To  receive  a  complimentary  IDC  white  paper 
on  how  to  reduce  TOO  with  Linux,  head  over  to  ibm.com/eserver/etrade  ((pbusfam  fs  $  */?'’ 


All  numbers  and  results  reported  are  from  customer  sources.  This  customer  example  Is  Intended  as  an  Illustration  only.  Costs  and  results  obtained  in  other  customer  environments  will  vary  depending,  among  other  things,  on  Individual 
customer  configurations  and  conditions.  IBM,  the  e-business  logo,  e-business  is  the  game.  Play  to  win  and  xSeries  are  trademarks  or  registered  trademarks  of  International  Business  Machines  Corporation  Linux  is  a  registered 
trademark  of  Linus  Torvalds  Intel,  the  Intel  Inside  logo  and  Xeon  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries  Other  company  product  and  service  names  may 
be  trademarks  or  service  marks  of  others.  ©  2002  IBM  Corporation.  All  rights  reserved. 
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storage  mgmt,  performance  wares  on  tap  at  show 


■  BY  DENI  CONNOR 

ORLANDO  —  A  handful  of  big-name 
vendors  —  from  BMC  Software  to  IBM  — 


this  week  at  Storage  Networking  World 
will  roll  out  products  for  making  storage 
more  flexible  and  easier  to  manage 
across  networks. 


BMC’s  new  Patrol  Storage  Automation  — 
Provisioning  module  can  eliminate  much 
of  the  manual  labor  involved  in  assigning, 
configuring  and  managing  arrays, switches, 


In  today's 

Network-dependent  business  environment 


<ar  small  to  medium-sized 


companies 


Introducing  the  /SurfJanus™  Family  of  Multi-Homed  WAN 
Gateways  from  Amplify.net! 

Enables  you  to  combine  up  to  3  WAN  lines  (T1 ,  Frame  Relay,  DSL,  cable 
and  wireless)  via  high  speed  Ethernet  ports  connected  to  the  same  or 
different  ISPs  to  give  your  network  automatic  WAN  backup,  fail-over  and 
recovery,  secured  with  firewall  and  VPN.  With  its  built-in  dynamic  WAN 
load  balancing,  you  also  get  the  extra  benefit  of  expanded  bandwidth. 

With  Amplify.net's  rSurfJanus,  WAN  redundancy  is  literally  a 
"No  Brainer"  decision  for  you! 

•  "No  Brainer"  Price 

•  "No  Brainer"  Installation  ' 

•  "No  Brainer"  Interoperability 

•  "No  Brainer"  ROI 

Say  goodbye  to  slow  and  expensive  ISDN  or  analog  backup 
today  and  give  your  WAN  the  redundancy  it  deserves! 


In  today's  Internet-driven  business  world, 
network  downtime  is  NOT  an  option  for 
any  company.  When  a  company's  WAN 
fails,  business  literally  comes  to  a  grinding 
hall.  The  consequences  are  dire 
particularly  for  small  and  medium  sized 
companies,  even  for  branch  offices  of  large 
enterprises.  With  affordable  high  speed 
broadband  access  availability  everywhere, 
WAN  redundancy  is  no  longer  a  luxury 
only  larger  companies  could  afford. 


Can  you  afford  not  to  call  Amplify.net  now? 

Call  510  •  360  •  6071,  e-mail  info@amplifynet.com 
or  visit  www.amplifynet.com/isurfjanus 


host  operating  systems,  volume  managers 
and  file  systems  within  storage  environ¬ 
ments.  BMC  says  the  software,  which  works 
with  its  Patrol  Storage  Manager,  can  reduce 
the  number  of  steps  in  a  process  such  as 
assigning  additional  storage  to  an  applica¬ 
tion  from  as  many  as  60  to  just  a  few. 

“Automated  provisioning  is  one  of  the 
first  obvious  areas  where  automated, 
policy-based  management  makes  sense,” 
says  Anders  Lofgren,  a  senior  analyst  for 
Giga  Information  Group.  “This  can  have 
obvious  cost-reduction  benefits  as  well  as 
improve  service  levels  in  regard  to  meeting 
the  capacity  needs  of  applications.” 

Initially  the  BMC  software  will  work  with 
EMC  and  Hitachi  arrays,  Brocade  and 
McData  Fibre  Channel  switches,  Veritas 
Software  Volume  Manager  and  File  System, 
as  well  as  the  Universal  File  System,  NT  File 
System  and  Oracle  databases. 

The  module  will  be  available  next  month 
starting  at  $8,000  per  terabyte  managed. 

Separately  Computer  Associates  will  air 
BrightStor  ARCserve  Backup  Version  9, 
which  has  an  improved  administrative 
interface  that  the  company  says  should 
enable  even  non-IT  personnel  to  install  the 
package  and  schedule  back-up  operations. 

Also  new  in  ARCserve  Backup  Version  9 
is  support  for  the  Network  Data  Manage¬ 
ment  Protocol.This  protocol  lets  traffic  run 
over  dedicated  links  between  a  server  and 
storage  device  rather  than  over  a  compa¬ 
ny’s  main  Ethernet  pipes. 

CA  also  has  simplified  ARCserve  pricing, 
whereas  before  software  for  different  oper¬ 
ating  systems  or  capabilities  might  have 
been  priced  differently  CA  now  charges 
$700  per  master  server  and  starts  pricing 
for  individual  agents  for  server-to-server 
backup  at  $200. 

Also  at  the  show,  IBM  will  announce  that  it 
is  doubling  the  capacity  of  its  Enterprise 
Storage  Server  800  and  800  Turbo  arrays  to 
56  terabytes.  In  addition,  the  company  has 
enhanced  its  Beer-to-Reer  Remote  Copy 
software,  which  enables  the  mirroring  of 
data  from  one  array  to  another.  IBM  has 
added  a“trust-me”mode  that  sends  only  the 
data  changed  during  a  failover  operation 
back  to  the  primary  site. 

Intel  will  use  the  show  to  unveil  a  new 
version  of  its  ProlOOOT  iSCSI  adapter, 
which  now  has  up  to  twice  the  perfor¬ 
mance  of  the  previous  model.  The  Pro¬ 
lOOOT  lets  block-level  storage  data  be 
transported  over  an  Ethernet  LAN  instead 
of  Fibre  Channel  storage-area  networks 
with  greater  efficiency. 

The  adapter,  which  runs  at  700M  bit/sec, 
will  be  available  in  the  first  quarter  of  next 
year  for  about  $700.  ■ 

More  online! 

Q&A  with  Mark  Bregman, 
of  Ventas.  discusses  the 
company  s  storage  vision 
and  the  competition. 
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You're  an  IT  professional,  not  the  Internet  police. 


Give  the  cop  routine  a  rest.  Manage,  don't  just  monitor  corporate  Internet  activity  with  Websense  Enterprise  Web  filtering 
software.  No  more  watching  over  shoulders  or  online  patrolling.  Websense  puts  the  highest  quality,  leak-free  database  to  work 
for  you.  It's  more  accurate,  reliable  and  comprehensive  with  automated  daily  updates,  including  more  than  5,000  site  additions 
per  day.  That's  why  more  than  half  the  Fortune  500  trust  Websense  to  manage  employee  online  activity.  You  can  too. 
Get  Websense.  And  save  your  badge  for  when  you  really  need  it. 
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DDoS  attack  highlights  'Net  problems 

Episode  called  crude,  ineffective  ...  but  concerns  mount  about  future  problems. 


*  — — - < 

Anti-DDoS  start-ups 

Early  products  attract  handful  of  ISPs,  companies. 

|  Company  Product 

Description 

Customers 

Funding! 

Arbor 

Networks 

Peakflow  Platform 

Distributed,  dynamic  network  profiling 
and  anomaly  detection  for  carriers. 

Six  carriers,  Department 
of  Defense 

$33 

million 

Asta 

Networks 

Vantage  System 
2.0 

Automated  system  for  detecting  DoS 
attacks. 

Internet  2  Abilene 
Backbone 

$18 

million 

Captus 

Networks 

CaptIO  Network 
Security  Device 

Policy-based  security  that  automati¬ 
cally  detects,  stops  DoS  attacks. 

Several  government, 
university  customers 

$21.1 

million 

Mazu 

Networks 

hi  . 

Enforcer  300, 
Enforcer  10000 

Traffic-filtering  appliance  for  compan¬ 
ies  that  detects  DoS  attacks. 

Ten  including  MTV,  New 
York  Mercantile  Exchange 

$20 

million 

■  -  .  4 

■  BY  CAROLYN  DUFFY  MARSAN 

Last  week’s  distributed  denial- 
of-service  attack  against  the 
Internets  root  servers  under¬ 
scores  that  much  of  the  Internet’s 
infrastructure  remains  vulnerable 
to  these  common  hacker  attacks 
and  more  sophisticated  assaults 
that  might  be  on  the  horizon, 
experts  say. 

That  an  easily  preventable  dis¬ 
tributed  DoS  attack  was  success¬ 
ful  against  so  many  of  the 
Internet’s  root  servers  surprised 
many  network  executives,  who 
say  they  thought  more  precau¬ 
tions  were  being  taken  by  the 
operators  of  such  a  key  compo¬ 
nent  of  the  Internet’s  DNS. 

A  distributed  DoS  attack  occurs 
when  a  hacker  hijacks  machines 
across  the  Internet  and  uses  them 
to  send  a  flood  of  requests  to  a 
server  until  it  becomes  over¬ 
whelmed  and  stops  functioning. 

In  this  case,  the  distributed  DoS 
attack  was  aimed  at  the  13  root 
servers  that  run  as  the  master 
directory  for  lookups  that  match 
domain  names  with  their  corre¬ 
sponding  IP  addresses.  Below  the 


root  servers  are  the  servers  that 
support  top-level  domains  such 
as  .com,. net  and  .org.and  below 
the  top-level  domain  servers  are 
hosts  of  individual  Web  sites. 

"Last  Monday’s  attack  wasn’t 
very  skillful  from  the  point  of 
attacking  the  DNS  root  servers 
with  a  well-known  ping  attack,” 
says  Paul  Mockapetris,  an  inven¬ 
tor  of  the  DNS  and  chief  scientist 
at  Nominum.a  DNS  software  ven¬ 
dor  "There  are  going  to  be  some 
lax  administrators  who  get  a  big 
wake-up  call.” 

The  root  server  attack  also 


shows  that  hackers  are  becom¬ 
ing  more  ambitious  in  choosing 
targets. 

“Two  years  ago,  most  of  the 
denial-of-service  attacks  were  on 
actual  Web  sites.  With  this  attack, 
people  are  going  after  parts  of 
the  infrastructure,”  says  Ted 
Julian,  co-founder  and  chief 
strategist  with  Arbor  Networks,  a 
start-up  that  sells  an  anti-distrib¬ 
uted  DoS  monitoring  system  to 
ISPs.  “It  changes  from  a  local 
attack  to  a  global  attack.” 


During  the  root  server  attack,  a 
hacker  sent  fake  ping  requests, 
which  are  queries  from  one  host 
to  another  to  determine  if  a  com¬ 
munications  path  is  available 
between  the  two  hosts.  Ping  mes¬ 
sages,  which  are  rarely  received 
by  the  root  servers,  are  sent  using 
the  Internet  Control  Message  Pro¬ 
tocol  (ICMP). 

The  13  root  servers  were  flood¬ 
ed  with  ICMP  requests  for  about 
an  hour,  causing  several  root 
servers  to  stop  being  available  to 
regular  Internet  traffic.  However, 
the  remaining  root  servers  with¬ 


stood  the  attack  and  ensured  that 
it  didn’t  slow  down  performance 
across  the  Internet. 

By  simply  limiting  the  amount 
of  ICMP  traffic  that  the  root 
servers  can  accept,  administrators 
could  have  prevented  the  attack, 
experts  say  In  fact,  root  server  op¬ 
erators  who  didn’t  already  have 
rate  limits  set  on  their  ICMP  traffic 
set  them  as  soon  as  the  attack  was 
discovered.  But  by  then,  these 
servers  had  already  been  inun¬ 
dated  with  phony  traffic. 

“An  ICMP  flood  is  one  of  the  eas¬ 
iest  things  to  filter,”  says  Jim 
Lippard,  director  of  Internet  secu¬ 
rity  at  Global  Crossing.  “For  the 
name  servers  we  provide,  we  just 
filter  out  ICMP  traffic  completely!’ 

The  root  server  attack  comes 
nearly  three  years  after  the  first 
major  distributed  DoS  attack 
knocked  such  high-profile  Web 
sites  as  Yahoo,  eBay  and  eTrade 
offline, causing  financial  hardship 
to  these  companies.  Since  then, 
high-profile  distributed  DoS 
attacks  have  crippled  Microsoft’s 
Web  site  and  led  U.K.  ISP  Cloud 
Nine  to  go  out  of  business. 

Experts  say  susceptibility  to  dis¬ 
tributed  DoS  attacks  exists  at  all 
levels  of  the  Internet’s  DNS,  from 
the  root  servers  to  the  backbone 
ISPs  to  companies  that  run  major 
Web  sites.  The  same  types  of  dis¬ 
tributed  DoS  attacks  also  contin¬ 
ue  to  cause  damage. 

“Most  of  the  vulnerabilities  that 
are  getting  exploited  on  a  daily 
basis  [have  patches]  that  were 
available  for  months,  if  not  years,” 
Lippard  says.  “The  same  vulnera¬ 
bilities  are  used  long  after  they 
should  have  been  dealt  with. ...  It 
takes  an  ICMP  attack  like  this  to 
get  people  to  put  filters  up.” 

Although  the  latest  distributed 


DoS  attack  caused  little  damage, 
experts  say  it  shows  that  the  root 
servers  could  fall  prey  to  more 
ambitious  attacks. 

‘A  large-scale  and  sophisticated 
denial-of-service  attack  —  not  a 
ping  attack  like  we  saw  last 
Monday,  but  an  attack  that 
flooded  servers  with  bogus  DNS 
requests  —  could  reduce  the 
effective  capacity  of  the  root 
servers  and  would  impact  users,” 
Mockapetris  says. 

ISPs  and  corporations  regularly 
deal  with  distributed  DoS  attacks 
such  as  the  ICMP  flood  aimed  at 
root  servers. 

“Our  average  customer  sees  a 
denial-of-service  attack  about 
once  a  week,”  says  Jim  Melvin, 
CEO  of  Mazu  Networks,  a  start-up 
that  sells  an  anti-distributed  DoS 
appliance  to  corporations.  “MTV 
sees  them  daily,  but  they’re  a 
high-profile,  teen-focused  Web 
site.  Other  companies  see  them 
weekly  or  monthly!’ 

Since  the  spring  of  2000,  ven¬ 
ture  capital  firms  have  pumped 
more  than  $90  million  into  four 
start-ups  that  offer  anti-distrib¬ 
uted  DoS  devices.  These  devices 
typically  monitor  Internet  traffic 
for  abnormal  surges,  identify 
when  distributed  DoS  attacks 
cause  these  surges,  and  automat¬ 
ically  shut  off  malicious  traffic  to 
protect  network  resources  from 
being  overloaded. 

Despite  the  many  high-profile 
distributed  DoS  attacks,  these 
start-ups  have  attracted  only  a  few 
dozen  ISP  and  enterprise  cus¬ 
tomers,  including  Canadian  ISP 
Telus,  the  U.S.  Department  of 
Defense,  MTV  and  the  New  York 
Mercantile  Exchange.  The  sys¬ 
tems  range  in  price  from  $25,000 
to  $100,000  for  corporations  and 


several  hundred  thousand  dollars 
for  carriers. 

“With  the  state  of  the  world 
today,  it  doesn’t  take  a  sophisticat¬ 
ed  attack  to  do  damage,”  Melvin 
says.  “The  analogy  I  use  is  that 
people  are  going  to  bed  at  night 
with  the  doors  open.” 

Holding  back  a  widespread  fix 
to  the  distributed  DoS  problem 
is  that  most  ISPs  haven’t  pur¬ 
chased  the  latest  anti-distributed 
DoS  systems  and  don’t  offer  dis¬ 
tributed  DoS  monitoring  as  a 
premium  service  to  their  corpo¬ 
rate  customers. 

The  backbone  providers  have 
done  “very  little"  to  address  the 
distributed  DoS  problem  since  it 
came  to  light  almost  three  years 
ago,  says  Gartner  analyst  John 
Pescatore.  “The  ISPs  are  not  buy¬ 
ing  anything  because  they’re  in 
such  tight  financial  shape.” 

Most  carriers  have  established 
round-the-clock  Internet  security 
teams  that  monitor  their  networks 
for  all  kinds  of  attacks.  These 
teams  will  help  corporate  net¬ 
work  managers  mitigate  a  distrib¬ 
uted  DoS  attack  after  it  has  been 
discovered.  Most  carriers  also  do 
some  kind  of  traffic  filtering, such 
as  limiting  ICMP  traffic  in  a  way 
that  would  prevent  an  attack  such 
as  the  one  against  the  root 
servers. 

Anti-distributed  DoS  technol¬ 
ogy  “needs  to  be  baked  into  the 
infrastructure,”  Pescatore  says. 
“The  telecom  guys  need  to  work 
together  to  put  in  denial-of-ser¬ 
vice  protections  such  as  ingress 
filtering,  egress  filtering,  traffic 
load  balancing.  It  needs  to  be 
done  in  a  coordinated  manner 
across  the  backbone."  ■ 
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■  THIS  WEEK  S  QUESTION: 

How  many  DNS  root 
servers  are  there? 


Answer  this  and  nine  addtional  questions 
online  and  you  could  win  $500!  Visit 

IktwMt  World  Fushhi  and  enter  2349 
in  die  Search  box. 

www.nwfusion.com 


fcfcLast  Monday's  attack  wasn't 
very  skillful  from  the  point  of 
attacking  the  DNS  root  servers... 
[but]  there  are  going  to  be  some 
lax  administrators  who  get  a  big 
wake-up  call.  9  9 
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Novell  might  reabsorb  caching  spinoff 


■  BY  DENI  CONNOR  AND 
JENNIFER  MEARS 

PROVO,  UTAH  —  Novell  is 
reportedly  close  to  pulling  the 
plug  on  its  less-than-2-year-old 
caching  spinoff  Volera. 

Sources  close  to  Volera  and 
Novell  tell  Network  World  that 
work  is  under  way  to  combine 
Volera’s  managed  and  secure 
content-distribution  capabili¬ 
ties  into  Novell’s  BorderMan- 
ager.  The  Internet  access  and 
authentication  product  is  just 
one  piece  of  Nsure,  a  suite  of 
integrated  offerings  that  Novell 
says  will  let  businesses  govern 
what  users  can  access  on  cor¬ 
porate  networks. 

According  to  sources,“the  deal 
is  as  good  as  done”  and  Volera 
will  cease  to  exist  as  a  separate 
entity  sometime  in  the  next 
few  months. 

However,  a  Novell  spokesman 
says  that  development  on  Vol¬ 
era’s  Excelerator  product  is 
continuing  independent  of 


work  on  BorderManager.  Next 
week,  Volera  will  start  a  beta 
program  for  Excelerator  on  the 
Linux  platform  and  has  19  com¬ 
panies  lined  up  to  participate, 
he  says. 

During  the  company’s  third- 
quarter  earnings  call  in  August, 
CEO  Jack  Messman  said  Novell 
was  “re-evaluating  [its]  strategy  at 
Volera.” Further,  in  its  third-quarter 
filing  with  the  Securities  and 
Exchange  Commission  (SEC), 
Novell  says  Volera  sales  have 
been  flat  and  are  expected  to 
remain  so  through  the  remainder 
of  the  year. 

“Volera’s  performance  has  not 
met  the  growth  expectations  of 
the  company  . .  .’’the  filing  states. 

Volera  has  yet  to  turn  a  profit 
since  it  was  spun  off  in  February 
2001  to  take  advantage  of  what 
Novell  saw  as  a  hot  market  for  its 
content  networking  products, 
particularly  its  Internet  Caching 
System.  The  trouble  was  Novell 
spun  off  the  company  at  a  time 
when  the  caching  market  al¬ 


ready  was  starting  to  take  a  hit, 
analysts  say. 

“Novell  was  an  early  entrant 
into  caching  with  great  technol¬ 
ogy,  but  didn’t  really  succeed 
because  they  didn’t  solve  the 
problem  of  how  to  get  to  [cus¬ 
tomers]  other  than  their  in¬ 
stalled  NetWare  base,” says  Peter 
Christy,  an  analyst  with  Nets- 
Edge  Research.  “Volera  could 
have  addressed  that  problem, 
but  .  .  .  they  were  spun  out 
too  late.” 

By  the  beginning  of  2001,  the 
once  high-flying  caching  firms 
already  were  being  grounded 
by  the  demise  of  their  dot-com 
customer  base  and  the  slowed 
spending  of  service  providers. 
CacheFlow  announced  in  Feb¬ 
ruary  2001,  as  Novell  launched 
its  joint  caching  venture  with 
Nortel  and  Accenture,  that 
third-quarter  sales  would  be 
below  expectations,  and  laid  off 
half  its  workforce  in  a  restruc¬ 
turing  effort. 

See  Volera,  page  16 


Security  synchrony 

Here’s  what  the  integration  of  Novell’s  Nsure  security 
and  identity  management  platform  and  Volera’s 
content  delivery  and  caching  products  might  include. 


Function 

Nsure 

Volera 

Proxy  cache 

X 

X 

VPN,  firewall 

X 

Authentication 

X 

X 

Single  sign-on  for  applications 

X 

Identity  and  access  management 

X 

X 

Synchronizization  with  other  operating 
systems  and  eDirectory 

X 

Provisions  access  to  applications 

X 

Metadirectory  technology 

X 

Streaming  media  and  HTTPS  acceleration 

X 

Monitor/manage  caches 

X 

Distribute/balance  cache  content 

X 

Reporting  and  accounting  functions 

X 

Vieo  looks  to  automate  application  management 

Company  plans  to  use  hardware  appliances  to  manage  application  server  environments. 


■  BY  DENISE  DUBIE 

AUSTIN,  TEXAS  —  A  small  company 
new  to  systems  management  says  its  hard¬ 
ware  appliance  will  give  network  man¬ 
agers  a  real-time,  automated  alternative 
to  the  traditional  software  tools  used  to 
manage  complicated  application  server 
environments. 

Vieo’s  Adaptive  Application  Infrastruc¬ 
ture  Management  (AA1M)  appliance  — 
which  is  still  in  development  and  expect¬ 
ed  to  ship  in  mid-2003  —  is  a  Layer  2 
switch  that  initially  will  support  and  man¬ 
age  hosts  running  Web,  application  and 
database  servers. 

AA1M  will  watch  traffic  looking  for  appli¬ 
cation  abnormalities  compared  with  pre¬ 
defined  policies.  And  because  AA1M  is  a 
switch,  when  problems  crop  up  it  can 


Correction 


a  In  the  review  of  Network  Management 
Systems  (Oct.  21,  page  50).  two  scores 
••  ere  given  for  two  of  the  products  in  the 
Ne: Results  chart  and  Scorecard  box.  The 
correct  scores  are  as  follows:  OpenView. 
4.80;  UniCenter.  4.65:  VitalSuite.  4.55: 
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redirect  traffic,  reprioritize  applications  or 
reallocate  network  resources  to  remedy 
the  situation, says  Robert  Fabbio,Vieo  CEO 
and  president. 

Fabbio  —  founder  of  Tivoli  Systems  and 
Dazel,  which  he  sold  to  IBM  and  Hewlett- 
Packard,  respectively  —  might  have  struck 
a  nerve  in  the  management  market,  says 
Rich  Ptak,  president  of  consulting  firm 
Ptak  Associates. 

Large  network  management  companies 
and  smaller  players  alike  —  including 
Managed  Objects,  Smarts  and  Micromuse 
—  have  tried  to  automate  application  per¬ 
formance  management  with  software.  But 
the  tools  generally  require  agents,  a  lot  of 
upfront  configuration  and  hands-on  man¬ 
agement  to  keep  up  with  the  dynamic 
nature  of  application  and  Web  server 
environments. 

“AAIM’s  agentless  architecture  and  auto¬ 
mated,  high-speed  approach  proposes  to 
manage  the  infrastructure  in  real  time  to 
the  benefit  of  a  company’s  business-criti¬ 
cal  applications,"  Ptak  says.“lt  looks  to  me 
as  though  [Vieo]  is  positioning  itself 
along  the  lines  of  IBM’s  autonomic  com¬ 
puting  model.” 

Fabbio  says  while  Vieo  initially  will  target 
AA1M  at  companies  trying  to  solve  particu¬ 
lar  application  performance  problems,  he 
predicts  that  within  three  years  AA1M  will 
compete  with  IBM  Tivoli,  Computer  As¬ 


sociates  and  Cisco  as  customers  learn  how 
the  appliance  can  change  the  way  appli¬ 
cations  are  managed. 

AAIM’s  first  release  will  support  Apache 
Web  services,  WebLogic  application  ser¬ 
vices,  Oracle  data  services,  and  Linux  and 
Solaris  platforms.  Fabbio  says  the  company 
will  add  support  for  popular  industry  prod¬ 
ucts  such  as  SAP  applications,  WebSphere 
application  services,  DB2  and  SQL  data¬ 
bases,  and  AIX  and  Windows  platforms. 

Fabbio  joined  Vieo  last  November. 
Before  his  arrival,  Vieo  had  two  other 
incarnations:  one  as  a  network  consulting 
firm  founded  in  1994  and  the  second  as 
an  InfiniBand  provider  in  early  2000. 
Fabbio  says  InfiniBand  is  the  manage¬ 
ment-enabling  technology. 

The  appliance  will  come  with  200  Gigabit 
Ethernet  ports  and  translate  that  to 
InfiniBand  inside  the  box.  “Because 
InfiniBand  offers  800M  bit/sec  worth  of 
throughput  vs.  the  100M  bit/sec  of  Gigabit 
Ethernet,”  Fabbio  says,  the  appliance  can 
perform  the  deep  packet  analysis  needed 
for  network  management  without  degrad¬ 
ing  network  performance. 

Vieo  is  not  the  first  company  to  tackle  the 
management  problem  using  software- 
enabled  hardware.  Companies  such  as  Net- 
QoS.Packeteer,  Peregrine  Systems,  and  Sil- 
verBack  Technologies  have  management 
products  based  on  hardware. 


A  Meta  Group  study  shows  that  while 
hardware-based  management  represented 
only  5%  of  the  overall  market  in  2000,  by 
2008  hardware  appliances  will  garner  70% 
of  the  information  collection  and  60%  of 
the  processing  markets  associated  with 
enterprise  network  management. 

But  despite  the  potential  benefits  of 
AAIM  —  an  agentless  architecture  that  is 
scalable  and  easy  to  deploy  —  the  com¬ 
pany  faces  several  hurdles.  For  one,  net¬ 
work  managers  might  be  hesitant  to 
replace  hardware  on  their  complicated 
networks. 

Brian  Jones,  manager  of  network  engi¬ 
neering  and  operations  at  Virginia  Poly¬ 
technic  Institute  and  State  University  in 
Blacksburg,  says  that  while  he  Is  not  famil¬ 
iar  with  Vieo  or  AAIM,  the  idea  of  swapping 
in  a  piece  of  hardware  to  manage  applica¬ 
tions  does  not  appeal  to  him. 

“I  am  not  readily  open  to  forklift  up¬ 
grade  my  network  to  gain  application 
management,”  Jones  says.  He  adds  the 
approach  would  worry  him  because  it 
could  potentially  “introduce  new  single 
points  of  failure  into  the  network."* 
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Esrey  looks  toward  level  pricing  field 

Sprint  CEO  says  company  positioned  well  to  deal  with  new  competitive  realities. 


Two  years  ago  we  predicted  that  Sprint 
CEO  William  Esrey  would  be  the  only 
leader  of  the  big  three  telecommunica¬ 
tions  companies  still  holding  the  reins 
by  the  end  of  2001.  While  that  time- 
frame  was  about  a  year  early  Esrey  is 
indeed  the  only  telecommunications 
CEO  with  staying  power.  During  his  1 7- 
year  tenure,  he  has  created  the  third- 
largest  long-haul  provider  in  the  US. 
and  one  of  the  most  advanced  wireless  networks.  Esrey 
recently  spoke  with  Network  World  Senior  Editor 
Denise  Pappalardo. 

How  does  Sprint  plan  to  compete  successfully  with  debt-free  ser¬ 
vice  providers  that  have  emerged  or  may  emerge  from  bankruptcy? 

We  look  at  a  main  competitor  like  WorldCom  and  say ‘What 
if  they  were  debt-free?’ You  know  right  now  that  [World- 
Corn’s]  pricing  in  the  marketplace  with  accurate,  honest 
accounting  would  not  produce  profits.Their  new  investors, 
whether  debt  holders  taking  equity  or  whatever  it’s  going  to 
be,  are  going  to  want  a  return  on  investments.  So  they  are 
going  to  have  to  compete  effectively. 

They  also  have  an  infrastructure  that’s  built  for  a  lot  bigger 
business  that  they’re  not  going  to  have. There  is  a  lot  of  busi¬ 
ness  fleeing  distressed  carriers. 

If  WorldCom  comes  out  of  bankruptcy  without  interest 
costs,  as  some  of  them  do,  that’s  an  advantage  point. . . .  But  I 
don’t  think  it  is  at  all  clear  or  certain  that  they  will  come  out 
of  bankruptcy,  although  that  is  a  distinct  possibility. 

Is  WorldCom  the  only  distressed  company  that  Sprint  is  looking  at 
from  a  competitive  standpoint? 

Oh  no,  there  are  a  lot  of  companies,  whether  it’s  a  Williams 
or  a  Global  Crossing.  But  those  companies  are  not  nearly  as 
significant.  But  even  a  Qwest,  which  has  had  a  lot  of  ques¬ 
tionable  accounting's  going  to  be  a  lot  less-effective  com¬ 
petitor  going  forward  as  they  correct  their  transgressions  of 
the  past. 

What's  happening  with  prices? 

First  of  all,  pricing  is  much  better  than  it  has  been. Some 
prices  continue  to  go  down, some  have  stabilized,  and  some 
have  gone  up.  I  think  it’s  more  important  to  look  at  the  under¬ 
lying  situation  in  the  marketplace.  Basically  you  had  price 
leaders  that  were  trying  to  gain  market  share  through  pricing. 
In  long-distance  they  were  Qwest  and  WorldCom.  We  subse¬ 


quently  found  out  that  their  accounting  wasn’t  legit.  Now 
they  have  to  price  like  other  people. 

Are  the  traditional  services  such  as  frame  relay,  ATM  and  private 
line  better  from  a  profit  standpoint  than  new  services  such  as  IP  or 
IP  VPN?  And  is  Sprint  betting  on  those  traditional  services? 

No,  they  are  all  important.  We  have  to  service  our  customers 
where  our  customers  are  going.  We  can’t  say, ‘This  is  our  dog 
food  and  let’s  eat  it.’ We  have  to  go  where  the  customers  are 
going.  Costs  are  changing  and  pricing  is  changing.  Generally 
voice  services  [are]  more  profitable  than  data  services. 

How  does  Sprint  plan  to  increase  profitability  and  reduce  debt? 

You’ll  continue  to  see  falling  revenues  because  you  have 
one-,  two-  and  three-year  contracts  that  were  created  with 
prices  that  don’t  exist  in  the  marketplace  today.  So  just  redo¬ 
ing  those  contracts  with  current  prices  will  mean  there’s  a 
negative  impact  on  revenues  for  the  same  amount  of  busi¬ 
ness.  It  will  take  a  year  or  two  to  work  through  repricing  all  of 
those  contracts  no  matter  how  good  or  how  firm  prices  get. 

Balance  sheet  is  a  separate  issue  and  extremely  important 
because  the  industry  is  way  too  debt-laden.  We  have  about 
$22  billion  in  debt.  We’d  like  to  have  a  lot  less. 

We  have  a  definitive  agreement  to  sell  our  directories  busi¬ 
ness  for  $2.3  billion.  We  have  mandatory  convertibles  that  we 
already  sold  that  will  bring  in  $1.7  billion, so  that’s  $4  billion. 
If  you  just  look  at  the  FON  side  of  the  business,  it’s  generating 
in  excess  of  $1  billion  in  cash  flow,  and  the  PCS  side  is  rapid¬ 
ly  improving  its  cash  flow.  Very  conservatively  you  can  esti¬ 
mate  $6.5  billion  in  improvements  in  2004. 

Are  there  particular  areas  within  Sprint  in  which  you're  investing? 

We  are  constantly  investing  in  our  growth  on  the  wireline 
side.  On  the  wireless  side,  we  continue  to  build  out  the  net¬ 
work,  adding  1,800  cell  sites  this  year.  We  will  continue  to 
spend  in  the  billions  in  capital  investment  going  forward.  But 
we  are  not  building  ahead  of  demand. 

There  is  a  perception  of  negativity  in  the  telecom  industry.  How  do 
you  deal  with  that? 

Customers  that  have  dealt  with  us  know  the  way  we  do 
business.  1  think  it’s  more  the  man  or  woman  on  the  street 
that  thinks  all  business  people  are  crooks,  particularly  if 
you’re  in  the  telecom  business. They  read  about  Global 
Crossing,  Qwest,  WorldCom  and  Adelphia.Who  can  blame 
them?  You  had  trillions  of  dollars  of  investor  value  lost  be¬ 
tween  debt  being  wiped  out  and  equities  falling  precipi¬ 
tously  You  have  falling  stock  prices  and  this  absolutely  egre¬ 
gious  behavior  by  some  people.  I’d  be  mad,  too.  ■ 


Volera 

continued  from  page  14 

Volera  has  generated  $2  million  in  revenue 
per  quarter,  but  net  losses  have  been  two  to 
three  times  that  amount. 

Meanwhile,  the  caching  market  has  gone 
from  bad  to  worse.  CacheFlow,  one  of  the 
first  caching  companies  when  it  was  found¬ 
ed  in  1996,  recently  changed  its  name  to 
Blue  Coat  Systems  and  is  focused  on  secur¬ 
ing  network  borders.  Other  caching  vendors 
also  have  left  the  market.  Inktomi  found  that 
its  efforts  to  move  from  a  service  provider 
focus  to  serving  enterprise  customers  wasn’t 
working  and  scrapped  its  caching  efforts  to 


focus  on  its  core  search  business.  InfoLibria 
has  laid  off  most  of  its  staff  and  says  it  is  pur¬ 
suing  “strategic  alternatives.” 

“Volera  is  one  of  the  few  players  left  selling 
software  for  [enterprise  content  delivery  net¬ 
works]  or  caching.That  makes  you  wonder  if 
it's  a  market  that’s  addressable  by  a  separate 
company  or  if  it  needs  to  be  part  of  a  larger 
group,”  says  Michael  Ffoch,  research  director 
of  Internet  infrastructure  at  Aberdeen  Group. 
“If  Novell  wants  to  tie  [the  Volera]  technol¬ 
ogy  closer  to  its  Web  services  story,  it  would 
make  sense  to  bring  it  back  in.” 

A  Volera  customer  says  such  a  move 
wouldn’t  surprise  him. 

“1  can  believe  with  Novell  under  new  man¬ 


agement  that  they  would  want  to  bring 
everything  in, ’’says  Richard  Sun,  network  sys¬ 
tems  engineer  at  WL.  Gore  &  Associates  of 
Newark,  Del. 

“I  was  curious  how  they  are  going  to  [rec¬ 
oncile]  the  Excelerator/BorderManager  pro¬ 
duct  lines.”  he  says.“However,  I  would  think  it 
only  makes  sense  that  whatever  Volera  im¬ 
proves  upon  in  Excelerator,  they  would  put 
back  into  BorderManager"  ■ 
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IP  makes  the  value  menu 

Converged  network  built  with  Cisco  IP  Communications  solutions  fits  the  bill 
for  Burger  King  Corporation's  new  world  headquarters. 


Rafael  Sanchez,  CIO  at  the  fast  food  giant  Burger  King  Corp.  (BKC),  got  an 
opportunity  that  some  IT  executives  never  have.  BKC  had  outgrown  its  1 6-year 
old  headquarters  location  in  Miami  and  was  building  a  new  home.  That  meant 
Sanchez  had  a  clean  slate  on  which  to  fashion  a  new  network.  "We  wanted  to 
use  technology  that  would  last  us  five  to  1 0  years,"  Sanchez  says.  "It  was  an 
investment  for  the  future,  and  we  thought  IP  Telephony  was  a  perfect  choice." 

Over  the  last  Fourth  of  July  weekend,  Sanchez  and  his  team  cut  over  a  new 
headquarters  network  capable  of  carrying  voice,  video  and  data  on  a  single, 
converged  infrastructure.  That  infrastructure  is  built  on  the  Cisco  Architecture 
for  Voice,  Video  and  Integrated  Data  (AWID),  a  blueprint  to  help  enterprises 
build  standards-based  networks  and  deploy  emerging  technologies,  including 
new  Internet  business  solutions.  BKC's  new  infrastructure  includes  a  variety  of 
voice-enabled  Cisco  switches  and  routers  along  with  numerous  solutions  from 
the  Cisco  IP  Communications  system,  with  the  ability  to  build  in  a  level  of 
redundancy  not  possible  in  traditional  voice. 

Among  the  additional  benefits  that  BKC's  new  converged  network  delivers 
are  simplified  network  management,  increased  productivity  and  advanced, 
feature-rich  functionality  enabled  by  Cisco  IP  Phones,  Cisco  CallManager  and 
Cisco  IP  Contact  Center  software.  As  the  burger  leader  extends  the  network, 
the  company  expects  to  take  advantage  of  toll  bypass  to  save  money  on  long¬ 
distance  voice  communications  -  a  consideration  that  is  especially  important 
for  its  overseas  locations. 

"The  converged  solution  provided  us  with  the  opportunity  to  consolidate  our 
platforms,  and  significant  benefits  in  terms  of  overall  cost  of  ownership,"  Sanchez 
says.  "The  cost  of  adding  a  redundant  IP  Telephony  solution  to  our  LAN  infra¬ 
structure  was  considerably  less  than  the  cost  of  deploying  a  non-redundant  tra¬ 
ditional  PBX  solution." 

A  clean  break 

Sanchez  had  sound  reasons  for  breaking  with  the  past  strategy  of  separate  data, 
voice  and  video  networks.  Flexibility  was  one,  because  TDM  networks  require  that 
you  earmark  a  set  amount  of  bandwidth  for  voice  and  video.  Moves,  adds  and 
changes  were  another  issue,  as  they  required  calls  to  the  phone  company,  incurred 
additional  costs,  and  took  an  excessive  amount  of  time  to  complete.  With  Cisco's 
IP  Telephony,  users  can  move  their  own  Cisco  IP  Phone,  plug  it  in  and  the  Cisco 
CallManager  will  immediately  recognize  the  phone's  unique  MAC  address. 

Still,  Sanchez  admits  to  a  certain  amount  of  trepidation  while  considering  the 
decision  to  go  all-IP.  "One  of  our  questions  was  whether  the  technology  was 
ready  for  the  100  percent  uptime  that  is  required,"  he  says.  "IP  telephony  has 
surpassed  our  expectations  in  terms  of  reliability.  The  implementation  was  suc¬ 
cessful,  the  technology  has  proved  itself  in  terms  of  maturity,  and  we  have  had 
no  outages  since  day  one.  When  you  consider  the  logistical  challenge  of  mov¬ 
ing  into  a  new  facility  with  600-plus  people,  that  is  a  tremendous  achievement." 

The  converged  network  is  also  more  flexible.  When  the  company  decided  to 
add  a  second  building  across  town  to  its  original  single-building  headquarters 
design,  in  just  two  weeks  Sanchez  and  his  team  were  able  to  draw  up  a  plan 
to  accommodate  the  change.  "If  we  were  using  traditional  telephony,  it  would 
have  been  a  much  longer  timeframe,  and  more  costly,"  he  says. 

Productivity  booster 

Perhaps  most  important  to  BKC  is  the  productivity  enhancements  its  con¬ 
verged  network  brings,  for  both  IT  staff  and  end  users. 

On  the  IT  side,  the  new  network  simplifies  management  chores.  Because  the  com¬ 
pany  now  has  a  single  infrastructure  to  manage,  it  no  longer  needs  separate  sets  of 
IT  staffers  to  manage  its  data  and  telephony  networks.  A  centralized,  converged 
infrastructure  will  also  yield  significant  cost  savings  over  the  life  of  the  network. 

End  users  are  also  more  productive  since  the  graphical  user  interface  on  the 
Cisco  IP  Phones  makes  them  far  easier  to  use  than  a  traditional  office  phone. 
Interactive  "soft  keys"  guide  users  through  various  features,  changing  func¬ 


tionality  based  on  what  task  the  user  is  trying  to  accomplish  (see  photo).  Tasks 
like  putting  a  call  on  hold,  call  forwarding  and  initiating  a  conference  call  are 
now  as  simple  as  pushing  a  single  button  on  the  Cisco  IP  Phone.  Users  employ 
the  same  interface  to  customize  and  control  their  call  options. 

Cisco  IP  Phones  support  XML-based  applications,  which  enable  them  to  dis¬ 
play  data,  such  as  travel  or  weather  updates,  and  take  on  Web-like  applica¬ 
tions.  One  application  that  BKC  is  currently  piloting  will  streamline  conference 
room  scheduling.  With  more  than  100  meetings  a  day  in  30-plus  conference 
rooms,  booking  rooms  chews  up  an  inordinate  amount  of  an  administrator's 
time.  Sanchez  expects  the  new  application  will  make  it  simple  for  end  users  to 
schedule  the  rooms  on  their  own  via  the  IP  Phone  interface. 

"We're  just  scratching  the  surface  of  our  use  of  IP  communications,"  Sanchez 
says.  "We  expect  that  future  uses  of  the  technologies  will  provide  additional, 
significant  benefits." 


The  graphical  user  interface  of  the  Cisco  IP  Phone  makes  it  far  easier 
to  use  than  a  traditional  phone. 


Video  and  call  centers 

IP  Communications  solutions  are  improving  productivity  in  BKC's  various  call 
centers  as  well.  The  company  has  separate  call  centers  for  its  travel  and  human 
resources  departments.  Cisco  IP  Contact  Center  (IPCC)  software  is  already  at 
work  in  the  travel  call  center  and  will  soon  be  rolled  out  in  other  centers. 

With  Cisco  IPCC,  calls  from  around  the  world  come  in  to  an  integrated  voice 
response  unit  that  can  provide  some  self-service  and  help  ensure  that  each  call  is 
routed  to  the  most  appropriate  agent.  Cisco  IPCC  also  populates  the  agent's 
screen  with  data  about  the  caller,  reducing  call  times.  With  IP  telephony,  all  these 
features  can  be  provided  over  a  single  set  of  wires  and  calls  can  be  routed  to 
agents  located  anywhere  in  the  world,  providing  further  flexibility  in  staffing. 

Video  applications,  which  already  get  plenty  of  use  at  BKC,  will  be  further 
expanded  over  the  converged  IP  network.  "This  infrastructure  will  allow  us  to 
do  video  streaming  to  the  desktop,"  Sanchez  says.  "We'll  be  looking  at  using 
video  across  the  network  for  training,"  including  to  restaurant  locations. 

Asked  why  he  chose  Cisco  to  help  build  his  company's  converged  network, 
Sanchez  says  it  was  a  combination  of  BKC's  previous  experience  with  Cisco 
data  networks  and  Cisco's  commitment  to  IP  communications.  "Since  we 
were  moving  to  a  new  technology,  we  wanted  to  be  comfortable  that  we 
were  with  a  vendor  that  was  going  to  be  there  for  the  long  term,"  he  says. 


Learn  more  about  Cisco  IP  Communications 

Download  the  free  Cisco  "Straight  Talk  on  IP  Communications"  pack,  including  independent  evaluations, 
customer  success  stories  and  a  financial  justification  white  paper.  Visit:  www.nwfusion.com/gocy/adv2.; 
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8M  improves  autonomic  efforts 


■  BY  ANN  BEDNARZ 

ARMONK,  N.Y.  —  The  idea 
behind  the  technology  known  as 
autonomic  computing  is  that  cor¬ 
porate  resources  such  as  PCs, 
servers  and  software  will  take 
care  of  themselves  —  handle 
configuration,  identify  and  fix  ail¬ 
ments,  allocate  and  optimize 
resources, and  protect  themselves 
from  harm. The  theory  is  that  the 
more  components  can  manage 
themselves,  the  less  the  burden 
that  falls  on  IT  staff. 

Last  week  IBM  re-emphasized 
how  much  it  believes  in  the  tech¬ 
nology  by  forming  an  autonomic 
computing  division  dedicated  to 
expediting  the  addition  of  self¬ 
managing  and  self-correcting  fea¬ 
tures  throughout  its  products  and 
services.  It’s  a  step  in  the  right 
direction,  analysts  say  But  some 
users  remain  skeptical  about  the 
prospect  of  self-handling  IT  gear. 

Autonomic  computing  is  not 
new  to  IBM.  The  company  an¬ 
nounced  its  eLiza  computing  ini¬ 
tiative  in  April  2001,  and  already 
some  self-managing  features  are 
built  into  IBM  products, such  as  its 
Tivoli  management  line  and 
forthcoming  DB2  Version  8  data¬ 
base  software  (see  graphic). 

IBM  has  not  disclosed  its 
investment  in  autonomic  com¬ 


puting,  but  analysts  estimate  the 
company  is  spending  more  than 
$500  million  per  year. 

Nor  is  Big  Blue  alone  in  pursu¬ 
ing  self-healing  computing  efforts. 
Sun  last  month  shed  some  light 
on  its  touted  N1  initiative  to  ease 
network  management.  Its  first  N1 
deliverables  will  include  software 
that  helps  group  servers  and  stor¬ 
age  hardware  for  centralized  man¬ 
agement,  followed  next  year  by 
tools  for  provisioning  application 
resources,  Sun  says.  For  its  part, 
Hewlett-Packard  has  its  Utility 
Data  Center  architecture. 

But  the  creation  of  a  dedicated 
autonomic  computing  unit  sug¬ 
gests  IBM  is  stepping  up  its 
efforts. 

The  fact  that  IBM  has  estab¬ 
lished  a  division  devoted  to  auto¬ 
nomic  computing  and  made 
someone  responsible  for  strategy 
is  telling,  says  analyst  Jasmine 
Noel,  principal  of  JNoel  Associ¬ 
ates.  IBM  can  ensure  that  differ¬ 
ent  groups  are  working  toward 
the  same  goals,  for  example  by 
aligning  Tivoli  staff  and  hardware 
teams  that  both  are  developing 
management  software. 

Alan  Ganek,  former  vice  presi¬ 
dent  of  strategy  for  IBM 
Research,  will  lead  the  new  auto¬ 
nomic  computing  unit.  It  will 
coordinate  research  and  devel¬ 


opment  efforts  among  IBM’s 
hardware,  software  and  services 
teams  working  to  devise  smarter 
computing  systems.  The  effort 
will  include  design  centers 
where  customers  can  develop 
and  test  autonomic  technolo¬ 
gies,  IBM  says. 

Drake  Emko,  computer  pro¬ 


grammer  the  University  of  Flori¬ 
da’s  Northeast  Regional  Data 
Center  in  Gainesville,  says  some 
aspects  of  autonomic  comput¬ 
ing  seem  practical,  but  not  all. 

“I  think  autonomy  is  a  good 
idea  for  certain  things,  such  as 
rerouting  network  traffic  to 
increase  availability?’  Emko  says. 


Self-configuring  and  self-optimiz¬ 
ing  systems  “are  achievable,  at 
least  to  a  certain  extent,  and 
could  save  administrators  count¬ 
less  hours  of  grunt  work,”  he  says. 

But  he’s  more  skeptical  of  the 
self-healing  and  self-protecting 
goals  of  autonomic  computing. 
“I’m  not  confident  that  autono¬ 
my  in  fundamentally  unpre¬ 
dictable  fields  such  as  security 
and  bug  fixing  are  feasible 
goals,”  he  says.  It’s  hard  to  imag¬ 
ine  an  autonomic  solution  that 
can  foresee  all  the  problems  that 
might  occur  in  a  system  and  pro¬ 
tect  against  all  types  of  attacks, 
Emko  says. 

Ruslan  Zenin,  senior  system 
architect  at  UBS  Bank  in  Ontario, 
echoed  these  sentiments. 

“It  looks  perfect  in  theory” 
Zenin  says.  “However,  when  we 
jump  back  to  reality  we  have  to 
deal  with  many  implementation- 
specific  ‘small  problems’  [that] 
might  grow  into  monsters  that 
could  turn  into  showstoppers.” 

If  the  vision  of  autonomic  com¬ 
puter  were  to  be  realized,  Emko 
worries  about  the  false  sense  of 
security  it  will  give  administra¬ 
tors  and  managers.  “If  a  system 
can  configure,  run  and  maintain 
itself,  administrators  will  have 
less  incentive  to  learn  the  system 
in  depth,”  Emko  says.  ■ 


IBM  is  weaving  self-managing  features  into  its  entire 
product  line.  These  are  some  highlights: 

Management  software:  IBM'sTivoli  systems  management 
portfolio  this  month  gained  26  upgraded  products  with  autonomic 
capabilities,  includingTivoli  Identity  Manager,  which  automates  the 
deployment  of  user  access  rights,  andTivoli  Configuration  Manager, 
which  enables  integrated  inventory  and  software  distribution. 

Database:  DB2  Version  8,  due  to  ship  in  November,  will  include 
new  self-managing  and  self-tuning  features  such  as  Health  Center, 
which  monitors  database  operation,  and  Configuration  Advisor, 
which  automatically  can  initiate  database  configuration  steps 
such  as  allocating  memory  and  determining  processor  speeds. 

Application  server:  WebSphere  Application  Server  5.0,  due  to 
ship  in  November,  will  include  tools  for  automatically  monitoring, 
analyzing  and  fixing  performance  problems. 


Storage:  IBM’s  storage  portfolio  will  offer  autonomic  features 
such  as  policy-based  storage  management  provisioning:  trans¬ 
parent  data  movement  betweenstorage  pools;  transparent  addition, 
deletion  and  redeployment  of  storage;  and  autofailover  of 
virtualization  nodes. 


Nortel 

continued  from  page  1 

should  be  a  powerhouse  in  enterprise  IP 
telephony,  and  they  aren’t.” 

Once  considered  a  serious  threat  to 
Cisco’s  enterprise  network  dominance, 
Nortel  has  lagged  in  market  share  and  new 
product  offerings  as  the  company  has 
undergone  radical  restructuring  and  a 
shifting  of  focus  from  carrier  to  business 
customers.  When  Nortel  laid  off  more  than 
half  its  workforce  and  saw  losses  reach 
$3.5  billion  a  year  ago,  many  corporate  cus¬ 
tomers  became  spooked. 

“A  year  ago,  I  was  worried  about  Nortel’s 
focus  on  the  enterprise,”  says  Sheng  Guo, 
CTO  for  the  state  of  New  York  Unified  Court 
System,  which  deploys  a  variety  of  Nortel 
switches.  “Now,  at  least  for  the  time  being, 
they  seem  more  committed.” 

Although  Nortel  is  still  in  the  red,  its 
losses  are  half  what  they  were  a  year  ago 
•  it  expects  to  break  even  next  year. 

1  .  ■  >mpany  says  its  enterprise  business 
group  is  already  profitable. 

Non-:  reorganized  a  year  ago  into  three 
groups  i(>ng-haul  optical,  metropolitan- 
area  and  e.d'  rprise  networks, and  wireless. 
Nortel  again  reorganized  earlier  this 


month,  creating  four  groups  —  wireless 
networks,  wireline  networks,  enterprise  net¬ 
works  and  optical  networks. 

IP  phone  support  for  Version  2.0  of 
Nortel’s  CSE  1000  has  been  boosted  from 
650  users  per  server  to  1,000.  IP  trunking 
capabilities  also  were  added  to  the  IP  PBX, 
letting  CSE  1000s  be  networked  together 
and  managed  as  one  system,  with  a  total 
scale  of  around  10,000  users. Version  1.0  of 
the  CSE  1000  could  not  be  networked  with 
other  CSE  servers  to  support  more  users 
than  the  650  maximum. 

Version  2.0  of  the  CSE  1000  breaks  down 
into  three  parts:  the  Call  Server,  which  pro¬ 
vides  call  and  connection  services;  the 
Signaling  Server,  an  H.323-based  gateway 
for  connecting  to  other  Signaling  Servers; 
and  the  Succession  Media  Gateway  for  pro¬ 
viding  dial  tone  to  remote  sites. 

Optivity  Telephony  Manager  software  is 
included, which  can  be  used  to  make  adds, 
moves  and  changes  across  multiple  CSE 
1000  Call  Servers. 

Remote  offices  with  IP  phones  that  con¬ 
nect  to  a  centralized  IP  PBX  can  now 
deploy  Nortel’s  Media  Gateway,  a  device 
that  provides  locally  based  dial  tone  and 
telephony  features  in  case  an  IP  WAN  link 
to  the  central  CSE  1000  server  fails. 


The  New  York  Unified  Court  System  is 
testing  two  new  CSE  1000s  by  connecting 
more  than  1,000  IP  phones  between  court¬ 
houses  in  Queens  and  Manhattan.  Guo 
says  he  plans  to  add  more  CSE  1000s  to  the 
court  system’s  Nortel-based  Gigabit  Ether¬ 
net  metropolitan-area  network  over  the 
next  year  and  a  half,  eventually  bringing 
more  than  5,000  court  employees  onto  an 
all-IP-based  phone  network  in  early  2004. 

“It’s  a  big  thing  for  us  that  [CSE  1000] 
Version  2.0  supports  IP  trunking,”  Guo 
says.“Before,we  had  two  older  [CSE]  sys¬ 
tems  that  were  not  integrated.  Now  we 
can  manage  them  both  as  one  PBX.  IP 
trunking  will  also  allow  us  to  do  disaster 
recovery  of  the  phone  system,  which  is 
especially  important  to  us  after  last  year’s 
events.” 

As  his  primary  workgroup  switch,  Guo 
will  integrate  the  BayStack  460-24T-PRW 
—  a  24-port  10/100M  bit/sec  managed 
Ethernet  switch  that  provides  power  to 
devices  based  on  the  pending  803.3af 
standard  for  inline  power.  The  switch  is 
Nortel’s  first  inline  power  product. 

“Inline  power  is  a  requirement  for  us,”  he 
says.  “Having  to  plug  the 
phones  in  with  power 
adapters  in  the  past  was 


unreliable,”  because  a  power  outage 
would  have  taken  the  voice  and  data  net¬ 
works  down. 

CallPilot  2.0  is  the  latest  version  of 
Nortel’s  unified  messaging  server  software 
that  integrates  e-mail  and  voice  mail  mes¬ 
sages  into  one  in-box.  New  capabilities 
include  software  that  lets  users  access  text 
e-mails  over  a  voice  connection  by  having 
the  server  read  them  via  a  text-to-speech 
engine.  The  new  CallPilot  also  increases 
the  number  of  users  from  1 ,500  to  7,000. 

Current  Analysis’  Riggs  says  the  remote 
site  survivability  features  added  with  the 
CSE  1000  and  the  Succession  Media 
Gateway  bring  Nortel’s  IP  telephony  prod¬ 
ucts  up  to  par  with  competitors  such  as 
Cisco  and  Siemens.  Cisco  introduced  its 
Survivable  Remote  Site  Telephony  last 
year,  and  Siemens  is  expected  to 
announce  remote  office  survivability  for 
its  HiPath  5000  IP  PBXs  next  month. 

But  playing  catch-up  in  the  IP  telephony 
market  is  not  a  role  voice  leader  Nortel 
should  be  taking,  Riggs  says. 

“They  need  to  show  they  are  a  factor  in 
this  market  other  than  coming  out  with 
‘me-too’  product  announce 
ments  —  they  need  to  be 
more  of  a  leader?1  he  says.B 
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It  doesn’t  matter  what  business  you’re  in;  if  everyone  in  your 
company  is  not  working  in  real  time  at  all  times,  you’ve  got  problems. 
Financial  data  isn’t  accurate;  forecasting  is  imprecise;  and  investors  don’t 
know  what  to  believe.  mySAP™  Financials  helps  make  sure  there’s  one 
version  of  the  truth  across  your  entire  enterprise,  so  your  financial  data 
gives  you  the  kinds  of  insights  you  need  to  run  your  business.  Now  and 
into  the  future.  For  more  information,  visit  sap.com/solutions/financials 
or  call  us  at  800  880  1727.  _ 
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with  hubs,  and  you  want  IP  telephony,  an 
upgrade  is  probably  in  order. 

Having  LAN  switches  that  support  quality- 
of-service  (QoS)  technologies,  such  as 
802. Ip  traffic  prioritization, virtual  LAN  tag¬ 
ging  or  Differentiated  Services,  also  is 
important.  Many  IP  telephony  vendors 
build  QoS  into  their  equipment,  so  a  net¬ 
work  lacking  QoSenabled  switches  also  is 
a  candidate  for  an  upgrade  if  IP  telephony 
is  your  goal  —  though  there  are  users  who 
have  QoS-capable  switches  and  get  by 
without  flicking  the  QoS  switch,  preferring 
to  just  tolerate  the  occasional  snaps  and 
pops  on  the  line. 

Do  I  have  to  throw  out  my  PBX? 

Companies  such  as  Cisco  and  3Com, 
which  have  no  traditional  PBX  installed 
base,  have  pushed  their  customers  to 
make  a  wholesale  swap  from  circuit- 
switched  telephony  to  IP  Avaya,  Siemens, 
Nortel,  NEC  and  other  sellers  of  traditional 
PBXs  offer  IP  cards  for  their  systems  as  a 
way  to“lP-enable”them.  IP  enabling  a  PBX 
lets  customers  extend  their  PBXs  to 
branch  offices  via  IP  WAN  connections,  or 
even  to  IP  or  digital  phones  inside  a  cor¬ 
porate  headquarters. 

What’s  the  voice  quality  like? 

It  can  be  as  good  or  better  than  standard 
voice  quality  But  quality  is  in  the  ear  of  the 
beholder,  so  the  answer  depends  on  how 
discriminating  your  company’s  end  users 
are.  Some  companies  don’t  worry  much 
about  the  quality  of  VoIP  for  certain  inter¬ 
nal  calls.  But  if  the  calls  are  involved  di¬ 
rectly  with  revenue  generation,  companies 
typically  have  a  higher  standard. 

If  you  want  to  measure 
the  quality  of  aVoIP  call, 
there  are  methods,  in¬ 
cluding  the  MedianOpin- 
ion  Score  (MOS)  test, 
endorsed  by  the  Inter¬ 
national  Telecommuni¬ 
cations  Union  (ITU). 

MOS  involves  gathering 
people  into  a  room  to  lis¬ 
ten  to  calls,  after  which 
group  members  rate 
quality  on  a  scale  from  1 
to  5. Voice-quality  testing 
tools  based  on  comput¬ 
er  algorithms  also  are 
available  from  vendors  such  as  Agilent 
and  Empirix. 

Is  VoIP  really  less  expensive? 

You  can  make  a  good  case  for  it,  but  it’s 
hard  to  give  a  blanket  answer.Theoretically 
you  can  get  rid  of  some  phone  trunks  if 
j  use  a  single  network  for  all  traffic. You 
c  .)  avoid  expensive  toll  fees,  particularly 
for  international  calls.  You  can  cut  the 
administrative  cost  of  moving  phones 
when  someone  changes  offices  or  some¬ 
one  is  hired  or  fired.You  might  get  by  with 
fewer  employees  if  you  merge  data  and 


telecom  staffs.  But  you  have  to  factor  in  the 
cost  of  new  equipment,  increased  traffic 
on  your  data  network  that  can  require  big¬ 
ger,  more  expensive  links  to  service  pro¬ 
viders  and  higher-priced  services  based 
on  stringent  service-level  agreements  that 
voice  requires.  Some  users  worry  that 
because  VoIP  is  relatively  new,  software 
updates  will  be  more  frequent  than  with 
traditional  PBXs,  making  the  maintenance 
of  IP  PBXs  more  expensive.  You  have  to 
crunch  your  own  numbers  and  determine 
whether  it  makes  sense  for  you. 

If  the  power  goes  out,  does  the  VoIP 
network  stay  up? 

In  the  traditional  voice  world,  phones 
are  powered  by  the  PBX,  which  is  usually 
powered  by  a  back-up  power  source, 
which  can  sustain  the  system  through 
most  outages.  Running  voice  over  a  LAN 
introduces  more  devices  into  the  voice 
network  equation  —  and  that  means 
there  are  more  points  along  the  network 
that  can  be  affected  by  an  outage  and  cre¬ 
ate  phone  service  problems. 

One  preventive  measure  to  take  is  to  put 
back-up  power  supplies  on  all  LAN  switch¬ 
es  that  connect  IP  phones  and  IP  PBXs. 
Most  crucial  to  ensuring  phone  connectiv¬ 
ity  in  an  outage,  however,  is  to  make  sure 
phones  are  powered  over  their  network 
connections.  Vendors  such  as  Avaya,  Cisco 
and  Nortel  sell  Ethernet  switches  that  can 
deliver  electrical  power  along  with 
Ethernet  LAN  connectivity 

What  happens  to  VoIP  if  the  network 
fails? 

In  VoIP  deployments  where  a  centralized 
IP  PBX  controls  remote-office  phones,  the 
WAN  connection  is  a  voice  and  data  life¬ 
line.  If  the  link  goes  down,  dial  tone  as  well 
as  Internet  and  network 
access  can  be  lost.  Some 
vendors  include  tech¬ 
nology  in  their  routers 
or  remote  gateways  that 
lets  remote  IP  phone 
users  to  continue  mak¬ 
ing  phone  calls  through 
a  back-up  T-l  or  ISDN 
line  if  the  main  links  to  a 
central  IP  PBX  are  lost. 

Do  I  have  to  buy  spe¬ 
cial  phones? 

If  you  do  VoIP  to  the 
desktop  you  need  IP 
phones,  and  not  just  any  IP  phones.  Even 
though  all  LAN  telephony  gear  is  Ethernet- 
based,  it  does  not  yet  offer  the  same  level  of 
interoperability  as  Ethernet  computer  net¬ 
working.  This  is  because  most  vendors 
have  proprietary  protocols  and  software 
running  on  their  phones  and  call  servers 
that  don’t  work  with  those  in  others’  prod¬ 
ucts.  Some  IP  phone  systems  support  stan¬ 
dards  protocols  such  as  H.323,  Session 
Initiation  Protocol  (SIP)  and  Media  Gate¬ 
way  Control  Protocol.  This  lets  users  pur¬ 
chase  commodity  IP  phones  from  vendors 
such  as  Pingtel,  Polycom  and  Symbol 
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from  the  phone  and  out  onto  the  WAN 
IP  link.  But  the  firewall  only  does  this  in 
the  headers,  not  on  internal  parts  of  the 
packet.  When  IP  phone  gear  picks  up 
that  the  source  addresses  in  different 
parts  of  the  same  packets  don’t  match,  it 
drops  the  packets.  Firewalls  and  firewall 
add-ons  are  being  developed  so  they 
can  take  care  of  this  problem,  but  it’s 
something  you  have  to  know  about  and 
deal  with.  Another  firewall  problem  is 
that  because  they  are  designed  to  keep 
out  all  but  authorized  traffic,  they  would 
keep  out  legitimate  inbound  phone 
calls  as  well.  A  port  could  be  left  open  as 
a  hole  through  which  to  initiate  such 
calls,  but  your  security  experts  might  not 
like  that.  New  gear  called  session  con¬ 
trollers  establish  persistent  connections 
from  outside  firewalls  to  IP  phones 
inside  firewalls  to  create  a  more  secure 
hole  for  inbound  calls. 


Technologies. 

Many  vendors  also  have  gateways  that 
allow  analog  or  digital  sets  to  be  used  on 
their  IP-based  call  servers. 

What  protocol  do  I  use? 

The  choice  now  is  between  the  tried-and- 
true  and  the  cutting  edge.  H.323  products 
are  available,  stable  and  deployed.  SIP 
holds  promise  for  new  and  more  dynamic 
applications,  but  has  not  been  put  through 
the  paces  in  many  corporate  networks. 

What  cool  new  capabilities  do  we  get? 

Tops  on  the  list  is  unified  messaging.  Most 
VoIP  gear  makers  have  crafted  products 
that  let  end  users  read  e-mail  and  listen  to 
voice  mail  from  a  single  in-box,  integrated 
with  applications  such  as  Microsoft 
Exchange  and  IBM’s  Lotus  Notes. 

Telecommuters  are  benefiting  from  IP 
telephony  also.  Workers  with  home  VPN 
connections  and  IP  phones  (or  PC-based 
“softphones”)  can  extend  their  four-digit 
extensions  to  the  home  office. 

Many  IP  phones  are  becoming  more  like 
thin  IP  clients  than  phones.  Many  come 
with  LCD  displays  that  let  users  interface 
with  Web-based  applications  or  even  surf 
the  Internet.Some  users  enabled  IP  phones 
to  tap  into  back-end  XML  or  Java  applica¬ 
tion  servers. 

How  secure  is  VoIP? 

VoIP  gear  is  based  on  servers  that  are  as 
susceptible  to  attacks  as  any  others. They 
are  vulnerable  to  viruses, so  a  regular  reg¬ 
imen  of  updates  and  patches  is  required. 
Many  of  these  devices  have  Web-based 
management,  which  also  must  be  moni¬ 
tored  and  remedied  for  bugs  and 
vulnerabilities. 


Isn’t  it  hard  to  get  IP  voice  through  a 
firewall? 

Yes,  but  this  can  be  worked  out.  Unless 
every  phone  at  a  site  has  a  public  IP 
address,  the  firewall  will  6lt  nort  inflation  online, 

change  the  source  IP  ((yjy/j  Docfinder:  2848 


address  as  packets  pass 


If  I’m  running  voice  on  what  was  previ¬ 
ously  just  a  data  network,  what  becomes  of 
my  telecom  staff? 

This  is  a  tricky  one.  Some  IT  executives 
who  propose  transitions  to  IP  voice  cite  the 
cost  savings  their  companies  will  experi¬ 
ence  by  laying  off  the  telecom  staff.  In  an 
effort  to  save  their  jobs,  the  telecom  staff 
members  often  respond  by  attacking  the 
viability  of  IP  voice  in  an  effort  to  put  off 
the  projects.  Successful  transitions  have 
included  a  recognition  of  this  conflict  and 
dealt  with  it.  In  some  cases, cross-training  IT 
and  telecom  staff  has  resulted  in  much  bet¬ 
ter  phone  and  data  service. This  merging  of 
staff  might  not  be  possible  in  all  cases,  but 
IT  executives  should  anticipate  that  the 
conflict  will  come  up  and  plan  for  how  to 
deal  with  it. 

What  happens  to  QoS  when  I  pass  traffic 
off  to  my  service  provider? 

It  could  go  right  out  the  window  unless 
you  make  arrangements  with  your  carrier. 
You  need  to  let  the  carrier  know  that  you 
are  transporting  voice  to  its  network  and 
ask  how  the  carrier  can  guarantee  the  traf¬ 
fic  will  get  priority  treatment. 

The  carrier  might  have  a  network  that 
uses  the  same  priority  markers  you  use  on 
your  LAN  or  might  be  able  to  map  your 
priority  scheme  into  its  priority  scheme. 
The  capability  will  likely  cost  you  extra, 
but  the  service  should  come  with  measur¬ 
able  service-level  guarantees  to  give  you 
some  degree  of  comfort  that  voice  will  be 
treated  well. 

Does  91 1  still  work? 

It  had  better.  The  technology  exists  so 
that  when  an  end  user  takes  his  phone 
and  moves  it  to  another  office,  the  91 1 
system  knows  about  the  new  location, 
and  emergency  personnel  can  find  the 
person.  Depending  on  whose  gear  you 
buy,  updating  the  location  database 
might  require  manual  entries  or  it  might 
limit  the  number  of  times  a 
phone  can  be  moved  per 
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Cisco  Systems 


Integrating  Security  Into  the  Network 

The  New  Strategy  for  Defending  Your  E-business 

What  is  the  risk  of  poor  network  security  to  your  business?  An  average  of  nearly 
US  $2  million  per  year,  as  reported  by  respondents  to  a  recent  2002  survey  by 
the  U.  S.  Federal  Bureau  of  Investigation  (FBI).  Threats  to  network  security  are 
a  continuous  and  complex  challenge  for  your  enterprise.  These  threats  will 
continue  to  grow — and  new  threats  will  emerge — as  your  networks  become 
more  open,  extend  to  more  locations,  enable  more  applications,  and  support 
new  technologies  such  as  mobility  and  IP  telephony. 


The  changing  demands  on  network  security  can  already  be  seen 
in  the  rising  number  of  computer  breaches.  In  the  CSL/FBI’s  2002 
Computer  Crime  and  Security  Survey ,  90  percent  of  respondents 
(primarily  large  corporations  and  government  agencies)  detected 
computer  breaches  within  twelve  months,  with  80  percent 
acknowledging  financial  losses  due  to  these  breaches. 

While  still  a  critical  part  of  an  overall  security  solution,  firewalls 
and  other  standalone  network  security  products  are  no  longer 
adequate  for  protecting  your  network  from  internal  and  external 
attacks.  Both  network  and  security  professionals  are  discovering 
that  today’s  networks  need  a  new,  comprehensive  approach  to 
security,  one  in  which  multiple  security  components  overlap  each 
other  in  a  flexible,  layered  solution. 

Cisco  Systems  is  leading  the  industry  by  delivering  the  first  solutions 
for  comprehensive  network  security:  a  set  of  five  new  modules 
that  will  integrate  essential  security  functions  on  the  Cisco 
Catalyst  6500  Series  of  multilayer  switches.  Individual  modules 
provide  up  to  gigabit  performance  for  firewall,  intrusion  detection, 
secure  sockets  layer  (SSL)  processing,  network  analysis  manage¬ 
ment,  and  virtual  private  network  (VPN)  capabilities.  These 
modules  add  to  the  services  for  increased  business  resilience  and 
availability  brought  to  Catalyst  switches  by  the  existing  Content 


Switching  Module  (CSM).  By  supporting  a  comprehensive  choice 
of  security  functions,  the  Cisco  Catalyst  6500  Series  modules 
enable  the  modular,  flexible  deployment  of  scalable  security  nec¬ 
essary  to  your  vital  networks,  applications,  and  business  operations. 

Why  Embedded,  Integrated  Security? 

There  are  many  sound  reasons  to  adopt  an  integrated  design  for 
network  security,  including: 

•  The  continuing  variety  and  volume  of  network  threats,  which 
can  only  be  addressed  by  a  “defense-in-depth”  strategy,  sup¬ 
ported  by  multiple  and  cohesive  security  components. 

•  Yesterday’s  security  products  were  designed  for  dedicated  enter¬ 
prise  networks  with  a  limited  number  of  connections  to  other 
networks.  Today’s  interconnected  networks  have  hundreds,  and 
sometimes  thousands  of  interconnections  to  other  networks — 
requiring  security  products  that  can  support  an  architecture  for 
many  different  network  designs. 

•  As  networks  continue  to  grow  and  change,  the  security  design 
must  keep  pace — transparently — while  enabling  your  network 
to  continually  deliver  the  required  scalability  and  performance. 

•  Integrated  security  supports  the  smooth  functioning  of  your 
entire  e-business  infrastructure,  assuring  that  security  functions 
do  not  become  a  hindrance  to  sales  and  other  online  activity. 
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About  the  Cisco  Catalyst  6500  Series  Switches 

Cisco  Catalyst  6500  Series  Switches  deliver  highly  available, 
secure,  and  converged  network  services  for  enterprise  and 
service  provider  networks.  These  switches  support  gigabit 
scalability,  high  availability,  rich  services,  and  multilayer 
switching  in  backbone,  distribution,  and  wiring  closet 
topologies  as  well  as  data  center  environments.  The 
Catalyst  6500  Series  also  offers  exceptional  scalability  and 
value  by  supporting  a  wide  range  of  interface  densities, 
performance,  and  integration  of  powerful  services  modules. 

By  combining  superior  control-plane  and  packet-forwarding 
scalability  with  a  rich  set  of  intelligent  services,  the  Catalyst 
6500  Series  gives  enterprises  a  foundation  for  converged 
voice/video/data  networks  and  e-commerce  services. 


•  Network  operations  and  management  are  simpler  with  inte¬ 
grated  security,  with  the  associated  benefits  of  lower  costs. 

•  A  comprehensive,  embedded,  and  integrated  security  design  is 
more  compatible  with  initiatives  for  new,  interconnected  net¬ 
work  technologies  such  as  VPNs,  wireless,  and  IP  telephony. 

True  integration  means  more  than  simple  interoperability  among 
security  components;  pervasive  network  security  requires  a 
comprehensive  design.  The  SAFE  Blueprint  from  Cisco  gives 
businesses  of  all  sizes  a  comprehensive  set  of  best  practices  for 
creating  a  secure,  defense-in-depth  network.  The  integrated 


security  modules  for  Cisco  Catalyst  6500  Series  switches  are 
based  on  the  SAFE  Blueprint,  assuring  a  good  fit  into  your  overall 
network  architecture  and  security  strategy. 

Where  is  the  logical  point  for  integrating  security  capabilities?  In 
the  network  infrastructure.  The  campus  switch  enables  several 
advantages  because  of  its  key  role  in  the  network  infrastructure. 
These  advantages  include: 

•  Higher  performance  of  security  functions  without  any 
degradation  of  switch  performance 

•  Increased  network  flexibility,  scalability,  and  availability 

•  Protection  of  the  network  core  because  the  Cisco  Catalyst  6500 
Series  switches  become  self-protecting 

•  Reduced  overall  cost  of  network  ownership,  through  the  ability 
to  leverage  existing  network  resources 

•  Seamless  converged  networks  with  security  for  all  network  services 

•  Increased  collaboration  among  networking  and  security  opera¬ 
tions,  a  critical  requirement  for  defense  against  today’s  increas¬ 
ingly  sophisticated  attacks 

Integrating  Security  with  Cisco  Catalyst  6500 
Series  Switches 

The  Catalyst  6500  Series  security  modules  will  support  two 
configurations: 

•  Multiple  security  functions  on  a  single  switch,  through  the 
installation  of  the  appropriate  modules. 

•  Dedicated  and  enhanced  processing  of  a  single  security 
function,  such  as  intrusion  detection,  through  installation  of 
multiple  modules  of  the  same  type  in  a  single  switch. 


Cisco  Catalyst  6500  Series 

Services  Modules 

Description 

Firewall  Services  Module 

Implements  firewall  protection  with  up  to  OC-48  or  5  Gbps  aggregate  throughput  and  support 
for  up  to  1  million  concurrent  connections.  This  module  is  based  on  the  award-winning  Cisco 

PIX®  Firewall  technology. 

SSL  Services  Module 

Secures  Web  transactions  with  support  for  up  to  60,000  concurrent  connections  and  up  to 

4,000  new  connections  per  second. 

IP  Sec  VPN  Services  Module 

Provides  secure,  gigabit-rate  VPN  termination  and  traffic  encryption  to  connect  remote  offices 

and  mobile  users. 

Network  Analysis  Module 

Monitors  network  activity  in  a  gigabit  environment,  with  a  Web-based  traffic  analyzer  to  quickly 
identify  potential  security  threats  in  the  application  layer. 

Content  Switching  Module  (CSM) 

With  a  full  set  of  Layer  4-7  features,  the  Content  Switching  Module  (CSM)  integrates  advanced 
content  switching  into  the  Catalyst  6500  Series  to  provide  high-performance,  high-availability 
load  balancing  of  firewalls,  web  servers,  caches,  and  other  network  devices. 

N^lrttrusion  Detection  System  (IDS)  Module 

Processes  network  traffic  directly  from  the  switch  backplane  to  detect  and  mitigate  network  intrusions. 
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Figure  1. 

For  an  extranet,  the  Catalyst  modules  can  replace  standalone  security  devices. 
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Do  Standalone  Security  Devices  Still  Have  a 
Role  in  Your  Network? 

Although  the  arguments  are  compelling  for  moving  to  an 
integrated  security  design,  standalone  security  devices  still 
have  a  role  in  many  networks.  A  standalone  device,  such 
as  a  firewall  appliance,  may  be  just  the  right  solution  for 
a  specific  site  or  specialized  application. The  SAFE 
Blueprint  offers  guidance  for  choosing  between  integrated 
and  standalone  devices  to  meet  specific  security  needs. 


All  modules  are  based  on  Cisco's  powerful  node  switch  processor 
(NSP)  technology,  which  supports  greater  performance,  flexibility, 
and  functionality  than  competitive  products  based  on  application 
specific  integrated  circuit  (ASIC)  technology. 

The  Catalyst  6500  Series  security  modules  can  be  managed  by 
Cisco  network  management  products  as  well  as  selected  applica¬ 
tions  from  Cisco  ecosystem  partners.  The  integrated  security 
design  for  the  Catalyst  6500  Series  is  compatible  with  standalone 
security  appliances  from  Cisco,  including  Cisco  PIX  Firewalls  and 
Cisco  Intrusion  Protection  products. 

Two  types  of  enterprise  networks  provide  examples  for  applica¬ 
tions  of  integrated  security.  The  first  example,  shown  in  Figure  1, 
is  a  vendor  extranet  that  replaces  separate  devices  for  firewall  and 
intrusion  detection  with  the  appropriate  modules  on  a  Catalyst 
6509  switch.  In  this  example,  the  enterprise  can  eliminate  the 
costs  and  management  burden  of  separate  devices  while  realizing 
greater  operational  efficiency  and  return  on  investments  in  the 
Catalyst  6500  Series  switches. 

Will  Security  Processing  Impact  Switch  Performance? 

Given  the  ever-growing  traffic  volumes  and  demands  for  switch 
services,  network  managers  are  understandably  wary  about  adding 
new  functions  to  a  campus  switch.  Security  functions  require  high 
processing  capabilities,  leading  to  a  concern  about  their  impact  on 
switch  performance.  Cisco  has  addressed  this  concern  by  develop¬ 
ing  security  modules  that  no  longer  require  tradeoffs  in  network 
performance  for  increases  in  security.  The  newly  released  Cisco 
Catalyst  6500  security  modules  offer  the  fastest  performance 
available  today  for  security  throughput,  assuring  no  significant 
impact  on  switch  performance. 

From  a  network  manager’s  perspective,  additional  advantages  of 
security  integration  include: 

•  An  enhanced  networking  solution  through  integration  of  a  high- 
performance  Catalyst  6500  Series  switch  with  market-leading 
security  technology 

•  Protection  of  investments  in  Catalyst  and  NSP  technologies  with 
no  compromise  in  security  functions  or  network  performance 

•  Easy  integration  into  existing  Cisco  Catalyst  6500  Series 
switches 

•  Scalable  and  flexible  design  for  adding  security  functions  as  needed 

•  Tighter  integration  of  security  with  network  services  such  as 
traffic  policing  and  shaping 
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Why  Should  I  Place  Security  Functions  in  the 
Campus  Switch? 

A  natural  concern  of  security  managers  is  that  integrating  security 
functions  at  a  single  point — the  campus  switch — presents  a  risk 
in  itself.  Yet  the  advantages  of  integration  present  a  strong  case 
for  making  the  shift  from  standalone  devices.  For  a  security  man¬ 
ager,  the  advantages  of  integration  include: 

•  A  modular  design  that  enables  high  scalability  and  significantly 
reduced  costs,  operational  complexity,  and  management 
burden  compared  to  standalone  devices 

•  Security  services  that  are  adaptable  to  a  wide  range  of  network 
topologies  through  integration  of  diverse  security  modules 

•  Security  modules  deliver  performance  significantly  higher  than 
the  levels  offered  by  standalone  devices 

•  Performance  of  discrete  security  functions  can  be  increased  by 
installing  multiple  modules  of  a  single  type  (e.g.,  firewall) 

•  Network  growth  and  change  can  be  accommodated  easily  by 
adding  new  modules,  as  an  alternative  to  adding  standalone 
devices 

Choosing  an  Integrated  Security  Solution 

Cisco’s  integrated  approach  to  network  security  reflects  network¬ 
ing  leadership  that  will  enable  your  business  to  more  effectively 
meet  security  needs  today  and  well  into  the  future.  Cisco  is  the 
only  vendor  currently  offering  an  integrated  design  and  campus 
switch  modules  for  all  essential  aspects  of  network  security. 
Together,  the  Cisco  Catalyst  6500  Series  switches  and  integrated 
security  modules  deliver  an  outstanding  solution  for  campus  net¬ 
working  and  embedded,  integrated  network  security. 


Cisco  Systems  and  WebEx:  Extending  Integrated 
Network  Security  with  the  Catalyst  6500  Series 

Cisco  customer  WebEx  Communications,  Inc.  has  been 
testing  the  new  firewall,  VPN,  and  SSL  modules  for  the 
Cisco  Catalyst  6500  series.  "Our  testing  of  the  firewall 
module  so  far  has  shown  significantly  faster  sustained 
throughput  than  any  other  device  we  have  found  with 
similar  functionality,"  said  Hesham  Eassa,  Manager  of 
Network  Engineering  for  WebEx.  This  higher  level  of  fire¬ 
wall  performance  will  enable  WebEx  to  deploy  more  fire¬ 
walls  than  would  be  the  case  with  standalone  devices,  an 
important  consideration  for  this  operator  of  a  large,  global 
communications  network. 

Headquartered  in  San  Jose,  California,  WebEx  provides 
interactive  conferencing  services  over  the  telephone  or 
Web.  These  services  are  supported  by  a  Cisco  AVVID 
(Architecture  for  Voice,  Video  and  Data)  network  that  inte¬ 
grates  voice,  video,  and  data  for  enterprise  activities  such 
as  meetings,  presentations,  training,  and  collaboration. 


Talk  LIVE  to  Cisco  switching  and  security  experts  and 
learn  how  integrated  security  can  help  protect  YOUR 
network.  Register  at  www.cisco.com/go/SecurityTechTalk 


For  More  Information: 

Cisco  Catalyst  6500  Series:  www.cisco.com/go/Catalyst6500 
SAFE  Blueprint:  www.cisco.com/go/safe 
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Foundry  pushes  copper  Gig 


■  BY  PHIL  HOCHMUTH 

SAN  JOSE  —  Foundry  Networks  next 
month  is  expected  to  introduce  copper 
Gigabit  and  Layer  4  to  Layer  7  switches 
aimed  at  users  looking  to  bring  high-speed 
links  to  desktops  and  server  farms. 

The  new  Edgelron  24G  is  a  fixed-config¬ 
ured  copper  Gigabit  switch  that  could  let 
businesses  take  advantage  of  low-cost 
Gigabit  PC  and  server  network  interface 
cards  (NIC)  for  running  high-bandwidth 
applications,  such  as  IP  video  over  Gigabit 
Ethernet.  The  modular  Fastlron3208RGC 
provides  high-density  copper  Gigabit  for 
larger  data  centers,  with  10G  Ethernet 
uplink  options. 

Foundry’s  Serverlron  100  series  is  aimed 
at  customers  looking  for  a  chassis-based 
server  or  firewall  load-balancing  switch  for 
improving  data  center  server  availability  or 
for  making  security  appliances, such  as  fire¬ 
walls  and  Secure  Sockets  Layer  (SSL) 


Foundry's  Fastlron 
3208RGG  features: 

•  Gigabit  over  copper. 

•  Layer  2  and  Layer  3 
switching. 

•  32  100/1000  auto¬ 
sensing  ports. 

•  Support  of  a  10G 
Ethernet  module. 

accelerators,  more  reliable  and  fast. 

All  three  switches  are  expected  to  be  un¬ 
veiled  at  NetWorld+Interop  2002  in  Paris, 
which  runs  from  Nov.  4-7. 

Foundry’s  Fastlron  3208RGC  is  a  four-slot 
modular  switch  with  40  lOO/lOOOBase-T 
copper  ports  on  two  blades,  and  eight 
mini-gigabit  interface  converter  (GBIC) 
ports  on  its  management  module.  One  slot 
is  open  for  additional  Gigabit  or  10G 


Ethernet  ports.  The  midsize  modular  box 
will  compete  with  Cisco’s  Catalyst  4000 
and  its  new  Catalyst  6503  series  boxes  and 
Extreme  Networks’ Alpine. 

The  Serverlron  100  series  of  Layer  4  to 
Layer  7  switches  will  come  in  three  fla¬ 
vors:  the  2402  version  with  24 
10/100  ports  and  two  fiber  Gigabit 
ports;  the  8GC02E  with  eight 
Gigabit  copper  and  two  fiber 
Gigabit  ports;  and  the  8G  model, 
with  eight  fiber  Gigabit  ports.  All  three 
models  can  handle  7  million  concurrent 
Layer  4  to  Layer  7  sessions,  and  support 
Foundry  Web  switching  features  such  as 
Web  server,  SSL  and  firewall  load-balanc¬ 
ing,  and  Syn-Guard  and  DoS  Mitigation,  for 
stopping  network-based  attacks. 

Foundry  says  its  new  copper  Gigabit 
and  load-balancing  switches  target  busi¬ 
nesses  with  1,000  to  9,999  employees  — 
an  area  where  the  company  says  it  sees 
See  Foundry,  page  22 


3Com  knows  jack — Network  Jack 

New  network  faceplate/switch  could  save  cabling  costs,  connect  IP  phones. 


■  Stratus  believes  in  Windows. 

The  company  last  week  said  it  is 
backing  one  of  its  fault-tolerant 
servers  with  a  $100,000  guarantee 
that  the  system  will  not  crash  when 
running  Microsoft's  Windows  2000 
Advanced  Server.  Under  the  terms 
of  the  Perfect  Performance  pro¬ 
gram,  Stratus  will  pay  any  customer 
who  experiences  downtime  from  an 
operating  system  or  hardware  fail¬ 
ure  on  its  ftServer  6500  product. 
Stratus  makes  strengthened  ver¬ 
sions  of  Intel-based  servers  that 
include  either  double  or  triple  the 
number  of  standard  components  to 
ensure  the  system  will  not  go  down. 
If  a  processor  fails,  the  Stratus 
servers  have  spare  chips  to  pick  up 
the  workload.  Users  who  want  to 
take  advantage  of  the  deal  will  need 
to  purchase  an  ftServer  6500  sys¬ 
tem  with  triple  redundant  compo¬ 
nents  and  Stratus'  support  services. 
With  four  processors,  this  system 
costs  about  $150,000.  www. 
stratus.com 

■  Intel  will  invest  $150  million  in 
companies  developing  802.11b  and 
other  wireless  network  products,  the 
chip  maker  said  last  week.  The 
money  will  come  from  the  $500  mil¬ 
lion  Intel  Communications  Fund 
established  three  years  ago.  The 
fund  will  invest  in  companies  devel¬ 
oping  hardware  and  software  prod¬ 
ucts  and  services  that  enable  user- 
friendly  and  secure  wireless  network 
connections,  simpler  billing  proce¬ 
dures,  a  robust  infrastructure  and 
new  ways  to  connect  while  on  the 
road,  Intel  says.  802.11b,  or  Wi-Fi,  is  a 
standard  for  wireless  LANs  operat¬ 
ing  in  the  2.4-GHz  spectrum  offering 
transmission  speeds  up  to  11M 
bit/sec.  An  increased  uptake  of  wire¬ 
less  LAN  will  benefit  Intel.  The  chip 
maker  in  the  first  half  of  next  year 
will  launch  a  chip,  code-named 
Banias,  that  has  built-in  support  for 
802.11b  and  802.11a.  802.11a  is  a 
standard  for  wireless  LANs  operat¬ 
ing  in  the  5-GHz  frequency  range 
with  a  maximum  data  rate  of  54M 
bit/sec.  www.intel.com 


■  BY  PHIL  HOCHMUTH 

SANTA  CLARA  —  3Com  this  week  is 
releasing  an  SNMP-manageable  version  of 
its  Network  Jack  that  is  intended  to 
increase  the  number  of  Ethernet  ports  in 
cubicles  or  office  faceplates  while  not 
requiring  company’s  to  pull  costly  new 
wires  to  desktops. 

The  network  faceplate  replacement 
product  is  an  upgrade  to  the  NJ100, 
released  earlier  this  year. The  new  version 
can  be  managed  via  SNMP-based  tools 
such  as  Hewlett-Packard’s  OpenView, 
CiscoWorks  or  3Com’s  Network  Manager 
Solution  software. SNMP  also  can  be  used 
to  deactivate  ports  on  an  NJ200  deployed 
in  a  common  area,  such  as  a  conference 
room  or  school  classroom,  after  business 
hours  to  prevent  unauthorized  network 
access.  The  NJ200  Network  Jack  has  four 
10/100M  bit/sec  ports. 

The  NJ200  can  save  users  money  in  the 
area  of  cable  installations,  3Com  says. 
Instead  of  pulling  more  network  lines  to 
support  more  ports  for  desktop  LAN 
phones  or  other  devices,  the  NJ200  can  be 
used  to  link  up  to  four  devices  to  a  LAN 
over  a  single  cable  from  the  desktop  to  the 
wiring  closet. 


3Com's  NJ200  Network  Jack  includes  a  four 
port  managed  switch. 


In  addition  to  providing  four  switched 
LAN  ports,  a  single  port  on  the  device 
also  supports  the  proposed  IEEE  802. 3af 


inline  power  standard,  which  could  be 
used  to  power  voice-over-IP  phones, 
wireless  LAN  access  points  or  other 
devices  that  can  be  powered  over 
Ethernet  connections.The  NJ200  can  be 
powered  over  an  802.3af-based  switch, 
supported  by  companies  such  as  Avaya, 
Nortel  and  Cisco,  or  via  Cisco’s  propri¬ 
etary  in-line  power  technology  on  its 
Catalyst  switches. 

About  a  dozen  NJ200  devices  are  slated 
for  installation  at  Atlantic  Union  College  in 
Lancaster,  Mass.,  where  IT  staff  will  connect 
groups  of  three  and  four  PCs  in  offices  and 
student  PC  labs  to  the  LAN. 

“Before, we  just  had  dumb  hubs  on  desks, 
which  took  up  a  lot  of  room,”  says  Peter 
Conrad,  an  IT  technician  at  the  school. 
“Now  we’ll  have  managed  switch  ports 
down  to  each  PC.” 

The  NJ200s  will  connect  back  to  HP 
Procurve  switches  in  the  wiring  closets  and 
LAN  backbone,  Conrad  says.  He  adds  that 
he  is  looking  into  powering  the  school’s 
3Com  wireless  LAN  access  points  over  the 
NJ200  devices. 

The  NJ200  Network  Jack  is  available  for 
$220  for  a  single  unit  and  $4,075  for  a  pack 
of  20. 

3Com:  www.3com.com 
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Ah, yes, another  switch  throughput  per¬ 
formance  test.  And  look  —  this  ven¬ 
dor,  too,  says  its  product  also  performs 
at  wire  speed.  As  I  thumb  through  the  ven¬ 
dor’s  marketing  collateral,  I  carefully  read 
the  test  methodology  to  gain  a  better 
understanding  of  the  conditions  that  the 
vendor  meets  to  achieve  wire-speed  perfor¬ 
mance.  You  should,  too. 

My  cause  for  alarm  is  that  all  throughput 
tests  are  not  created  equal,  a  common 
misconception.  Configurations  for 
throughput  tests  come  in  all  shapes  and 
sizes:  unidirectional,  bidirectional,  full- 
mesh,  many-to-one  port  pairing  and  one- 
to-many  port  pairing.  Within  that  collec¬ 
tion  of  possibilities,  one  must  take  into 
consideration  the  type  of  system  being 
tested.  Is  it  a  stackable  or  a  chassis-based 
system?  Has  the  test  been  designed  to 
show  the  capabilities  of  the  line  card  (in  a 


Interpreting  throughput  testing  —  read  the  fine  print! 


chassis-based  system),  or  is  it  demonstrat¬ 
ing  the  switching  fabric  of  the  backplane 
or  a  hybrid  of  both? 

Each  test  is  valid  —  yet  each  one  has  a 
different  meaning  in  the  results  it  delivers. 
Take  unidirectional  tests.  We  are  living  in  a 
world  where  everything  is  full-duplex  (bi¬ 
directional)  in  nature.  This  is  one  reason 
why  we  have  moved  away  from  single  col¬ 
lision  domain  hubs  to  switches.  Conse¬ 
quently  unidirectional  tests  today  have  lim¬ 
ited  value. 

Full-mesh,  many-to-one  port  pairing, 
one-to-many  port  pairing  . . .  what  do  they 
all  mean?  Am  I  comparing  apples  to 
apples  when  comparing  these  test 
results?  The  answer  is,  it  depends.  It 
depends  on  your  intended  application.  A 
port-pairing  test  on  10G  Ethernet  inter¬ 
faces  is  acceptable  in  an  enterprise  prod¬ 
uct  where  the  10G  Ethernet  uplink  ports 
will  be  used  to  connect  buildings.  How¬ 
ever,  in  a  service  provider-class  device,  a 
full  mesh  of  10G  Ethernet  ports  might  be 
more  appropriate  to  demonstrate  the 
nonblocking  architecture  of  the  device. 

Workgroup  switches  that  contain  mixed 
topologies  (Fast  Ethernet  with  Gigabit 
Ethernet  uplinks)  are  more  appropriately 


My  cause  for  alarm  is 
that  all  throughput  tests 
are  not  created  equal,  a 
common  misconception. 

tested  using  a  many-to-one  or  one-to- 
many  port-pairing  configuration.  The  col¬ 
lection  of  workstations  (Fast  Ethernet 
ports)  will  not  suffer  any  degradation 
when  exiting  the  workgroup  switch  on 
the  Gigabit  Ethernet  uplinks  in  a  nonover- 
subscribed  scenario.  By  this  I  mean  that 
the  configuration  is  10  Fast  Ethernet  ports 
to  a  single  Gigabit  Ethernet  port  and  vice 
versa,  with  any  remaining  Fast  Ethernet 
ports  thrown  into  a  full  mesh  among 
themselves.This  type  of  test  configuration 
also  adequately  exercises  the  switching 
fabric  because  every  packet  must  hit  the 
switching  fabric  to  traverse  the  different 
topologies.This.of  course,  depends  on  the 
vendor’s  switch  design. 

Aggregation  switches  can  be  a  little 


tricky.  These  switches  tend  to  be  chassis- 
based,  where  one  needs  to  examine  the 
specific  needs  of  the  speeds  and  feeds. We 
need  to  look  for  intramodule  perfor¬ 
mance  (where  switching  happens  within 
a  single  line  card)  and  intermodule  tests 
that  exercise  the  backplane.  So,  it  is  not 
unreasonable  to  see  a  configuration  of  an 
eight-port  line  card,  two  of  which  are  used 
for  intermodule  tests  and  six  others  for 
intramodule  full-mesh  tests. 

Like  workgroup  switches,  look  for  core 
switches  tested  in  a  full-mesh  configuration 
that  fully  exercise  the  switch  fabric  to 
reveal  a  nonblocking  total  capacity 

In  all  switch  tests,  there  is  value  to  be 
had.  Read  the  marketing  collateral  fine 
print  and  seek  out  the  exact  conditions 
that  allow  for  the  vendors  wire-speed 
claims.  Only  then  will  you  really  under¬ 
stand  if  the  product  truly  fits  your  needs  or 
whether  the  marketing  collateral  contains 
more  marketing  spin  than  reliable  product 
performance  data. 

Tolly  is  a  senior  engineer  with  The  Tolly 
Group,  a  strategic  consulting  and  indepen¬ 
dent  testing  company  in  Manasquan,  N.J. 
He  can  be  reached  at  btolly@tolly.com. 


Cisco  acquires  Psionic  Software 


■  BY  PHIL  HOCHMUTH 

Cisco  last  week  acquired  intru¬ 
sion-detection  system  software 
maker  Psionic  Software  for  $12 
million  in  stock. 

The  move,  Cisco’s  fifth  acquisi¬ 
tion  this  year,  is  aimed  at  improv¬ 
ing  Cisco’s  IDS  product  line, 
which  includes  hardware-based 
appliances  and  server-based  soft¬ 
ware  products.  Cisco  says  it 
hopes  to  introduce  new  IDS 
products  based  on  technology 
from  Psionic  that  will  reduce  the 
amount  of  false  alarms  in  IDS 
systems.  Cisco  says  Psionic  soft¬ 


ware  could  help  reduce  such 
alarms  by  up  to  95%. 

This  could  help  companies  by 
letting  IT  and  security  staff  take 
action  only  on  legitimate  net¬ 
work-based  security  threats  in¬ 
stead  of  wasting  resources  and 
time  on  nonthreatening  network 
events  that  IDS  misidentifies. 

1DC  estimates  that  IDS  products 
and  services  will  account  for 
almost  one-fifth  of  the  $13  billion 
IT  security  market  next  year. 

Psionic  was  founded  in  Austin, 
Texas,  in  1996.  Its  products  in¬ 
clude  ClearResponse,  an  IDS 
analysis  software  product;  and 


TriSentry  a  suite  of  port-scanning 
detection  and  host-based  IDS 
tools.  The  company’s  eight  em¬ 
ployees  will  move  to  Cisco’s  VPN 
and  Security  Services  business 
unit.  Products  from  this  group 
include  PIX  firewalls,  IDS  host  sen¬ 
sors,  and  the  3000  and  7000  series 
ofVPN  routers, concentrators  and 
hardware  clients.  ■ 

News  Alert 
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DocFinder:  5434  www.nwfusion.com 


Foundry 

continued  from  page  21 

more  network  expansion  than 
that  in  large  or  Fortune  100  com¬ 
panies,  where  the  company’s 
high-performance  chassis  have 
been  targeted. 

The  Fastlron  3208RGC  and 
Serverlron  100  fill  holes  in  Foun¬ 
dry’s  product  line  between  its 
low-end  stackable  copper  Giga¬ 
bit  and  load-balancing  boxes, 
and  its  larger  chassis-based 
Biglron  and  Serverlron  products, 
observers  say. 

The  Edgelron  24G  is  a  stack- 
able  24-port  switch  with 
10/1 00/ 1 000M  bit/sec  copper 
connections.  Four  mini-GBIC 
slots  also  are  included  for  fiber 
or  copper  uplinks.  The  Layer  2 
box  supports  802. 1  p/Q  traffic  pri¬ 
oritization/virtual  LAN  tagging 
and  the  803. 1W  standard  for 
Rapid  Spanning  Tree  Protocol 
(RSTP),  which  lets  a  Layer  2  link 
failover  to  a  redundant  link  in 
less  than  a  second,  compared 
with  Spanning  Tree  Protocol, 
which  can  take  up  to  30  seconds 
to  reroute  around  a  bad  link. 

The  Edgelron  24G  will  compete 
with  stackable  copper  Gigabit 
boxes  from  Cisco,  3Com,  Extreme 
Networks,  Nortel,  Hewlett-Packard 
and  Dell. 

With  its  Edgelron  24G,  Foundry’ 
says  it  is  countering  switch  ven¬ 
dors  offering  low-priced  copper 
Gigabit  products  —  such  as  Dell 
and  Netgear,  which  offer  Gigabit 


at  less  than  $100  per  port  —  with 
extra  features  such  as  RSTP  and 
quality  of  service.  The  Edgelron 
24G  costs  about  $200  per  port. 

Foundry  joins  the  Gigabit 
bonanza  from  vendors  as  prices 
continue  to  fall  fast.  According 
to  IDC,  the  average  price  for  a 
fixed-configured  Gigabit  Ether¬ 
net  switch  port  has  dropped 
from  about  $800  per  port  in  1998 
to  about  $150  to  $200  per  port 
this  year.  During  the  same  time. 
Gigabit  NICs  also  have  come 
down  from  an  average  of  $500  to 
the  $200  range  today.  Many  com¬ 
panies,  such  as  Dell,  HP  and 
Apple, include  built-in  lOOOBase- 
T  connections  on  their  PC  moth¬ 
erboards. 

The  Edgelron  24G  and  the 
Serverlron  100  series  will  be 
available  next  month  for  $6,500 
and  $35,000,  respectively.  The 
Fastlron  3208RGC  is  available 
now  starting  at  $27,500.  ■ 
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DocFinder  2834 


Sun  increases  blade  power 


■  BY  TOM  KRAZIT 

Sun  is  phasing  out  its  900-MHz  Sun  Blade  2000 
high-end  workstation  with  a  faster-processor 
model,  but  the  upgrade  will  not  affect  the  Unix 
machine’s  entry-level  price,  the  company  said 
last  week. 

The  new  Sun  Blade  2000  model  will  feature  a 
1.015-GHz  UltraSparc  III  Cu  processor,  and  cost 
$11,000  in  an  entry  singleprocessor  configuration, 
the  same  entry  price  as  the  900-MHz  processor 
model,  the  company  says.  The  workstation  also  is 
available  in  a  dual-processor  configuration. 

The  Sun  Blade  2000’s  high-end  model  carries  a 
higher  entry  price  and  features  a  1.05<jHz  Ultra- 
Sparc  HI  processor. 

The  1.015-GHz  processor  has  shipped  in  Sun’s  Sun 


Fire  280R  rack  server  for  about  a  month  and  a  half, 
but  this  marks  its  first  appearance  in  a  workstation, 
says  Brian  Healy, group  marketing  manager  for  client 
and  technical  market  products  at  Sun. 

Sun  Blade  2000  or  Sun  Blade  1000  users  with 
slower  processors  will  find  it  easy  to  upgrade  to  the 
1.015-GHz  processor  because  the  processors  on 
the  Sun  Blade  2000  are  contained  in  modules  and 
easily  can  be  swapped,  Healy  says.  The  1.015-GHz 
processor  will  be  available  as  an  upgrade  option 
for  $5,750,  he  says. 

The  1.015-GHz  processor  is  available  worldwide  as 
of  last  week,  through  Sun’s  Web  site  or  through  Sun 
resellers,  Healy  says. 

Krazit  is  a  correspondent  with  the  IDG  News 
Service's  Boston  bureau. 


So  many  network  applications. 
So  little  throughput. 

It’s  time  for  Gigabit  to  the  desktop. 


The  surge  in  network  applications  has  caused  bottlenecks  on  desktops  everywhere.  The  solution?  Help  your 
organization  tackle  all  those  network  backups,  remote  software  distributions  and  massive  file  downloads  by 
providing  an  equally  massive  increase  in  throughput.  With  the  Intel®  PRO/IOOO  MT  Desktop  Connection, 
you’ll  benefit  from  10  times  the  throughput.  Other  advantages:  a  Gigabit  connection  works  on  an  existing 
10/100  Mbps  Cat-5  network,  and  will  seamlessly  ramp  up  to  1000  Mbps.  When  this  Gigabit  connection 
is  combined  with  the  Intel®  Pentium®  4  processor,  studies  have  demonstrated  a  significant  boost  in  desktop 
performance.  Intel,  the  leader  in  desktop  connections,  makes  multi-tasking  less  of  a  task  —  cost-effectively 
and  without  any  need  for  expensive  rewiring.  Intel®  PRO  Network  Connections.  The  intelligent  way  to  connect. 


Intel 


For  a  trial  kit,  product  and  test  information:  www.intel.com/go/desktopgig 


©2002  Intel  Corporation  Intel  is  a  registered  trademark  ot  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  All  rights  reserved. 


As  the  world  leader  in  Internet  security,  Check  Point’s™  integrated  security  solutions  Connect,  Protect, 
Manage  and  Accelerate  the  network  security  of  more  than  1 00  million  users  worldwide. 


CONNECT.  Leading  global  companies  rely  on  Check  Point  VPN 
solutions  to  connect  employees  and  offices  everywhere.  Regardless  of 
where  business  happens— even  in  the  most  remote  locations— people 
and  companies  are  securely  connected  to  their  critical  information. 


PROTECT.  Check  Point’s  fail-safe  firewall  infrastructure  provides 
the  highest  level  of  security  for  every  network  from  the  edge  to  the 
core.  Our  authentication,  access  control,  and  content  security  features 
have  become  the  trusted  global  industry  standard. 


Check  Point’s  revolutionary  Security  Management  ACCELERATE.  Check  Point’s  VPN  and  firewall  solutions  deliver 


Architecture  (SMART-)  lets  you  instantly  deploy  and  distribute  security 
policies  regardless  of  user  location.  All  aspects  of  network  security  can 
be  defined  and  managed  from  a  single  console  dramatically  reducing 
your  total  cost  of  ownership. 


wire-speed  performance  up  to  three  times  faster  than  other  network 
solutions.  Now  you  can  maintain  absolute  network 
security  without  sacrificing  the  performance  of  business-  Check  Point 
critical  applications  or  bogging  down  your  network. 


SOFTWAAt  rtCHNOlCXMtS  ITU 


Find  out  the  latest  in  Internet  security  by  downloading  our  white  paper  “Building  Secure  Wireless  LANs” 
at  www.checkpoint.com/wireless/nww  or  call  (866)  488-6686. 


We  Secure  the  Internet. 
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SERVICES  AND  STRATEGIES 
FOR  TYING  TELEWORKERS  TO  THE  ENTERPRISE 


Fiber  to  the  home  market  in  gear 

Towns  are  turning  to  optical  technology  for  super-fast,  future-proof  communications. 


A  The  two  basic  elements  of  optical  fiber  are  the  core  and  cladding.  The  core,  or  the  axial  part  of 
the  optical  fiber,  is  the  light  transmission  area  of  the  fiber.  The  cladding  encases  the  core.  The 
difference  in  refractive  index  between  the  core  and  cladding  is  less  than  0.5%.  The  refractive 
index  of  the  core  is  higher  than  that  of  the  cladding,  so  that  light  in  the  core  strikes  the  interface 
with  the  cladding  at  a  bouncing  angle  and  is  trapped  in  the  core. 

B  A  mode  is  a  defined  path  in  which  light  travels.  A  light  signal  can  propagate  through  the  core  of 
the  optical  fiber  on  a  single  path  (single-mode  fiber)  or  on  many  paths  (multimode  fiber).  The 
mode  in  which  light  travels  depends  on  geometry,  the  index  profile  of  the  fiber  and  the  wavelength 
of  the  light.  Single-mode  fiber  has  the  advantage  of  high  information-carrying  capacity,  low 
attenuation  and  low  fiber  cost,  but  multimode  has  the  advantage  of  low  connection  and  electronics 
cost  that  might  lead  to  lower  system  cost. 

C  Generally,  light  is  sent  down  the  fiber  in  the  form 
of  a  pulse.  As  pulses  travel  down  the  fiber,  they 
spread  out.  This  spreading  is  known  as 
dispersion.  Dispersion  is  undesirable 
because  it  can  cause  bit  errors  when 
the  signal  reaches  the  receiver.  To 
avoid  bit  errors,  it  is  necessary  to 
condition  the  signal  using  dispersion 
compensation  or  to  regenerate  the 
signal  using  a  repeater.  The  signal 
must  be  regenerated  before 
the  occurrence  of  any  errors. 


■  BY  TONI  KISTNER 

It’s  a  bit  of  a  chicken-and-egg  thing.  We 
won’t  see  strong  demand  for  residential 
broadband  access  until  there  are  applica¬ 
tions  people  want  to  use  it  for.  But  applica¬ 
tions  won’t  be  created  and  sought  after 
until  enough  people  are  willing  to  sub¬ 
scribe.  One  way  to  break  the  cycle  is  to 
offer  ultrafast  and  reliable  Internet  connec¬ 
tions,  multiple  phone  lines  with  enhanced 
features,  video,  telemedicine  and  educa¬ 
tion  services,  all  for  a  reasonable  price. 

Vaulting  over  traditional  broadband  tech¬ 
nologies,  fiber-optic  technology  delivers 
Internet,  voice  and  video  at  lightning-fast 
speeds  —  from  2M  to  100M  bit/sec  and 
beyond.  On  a  fiber-optic  network,  data  is 
transmitted  as  light  impulses  along  thin 
strands  of  silica  glass.  Unlike  copper  cab¬ 
ling,  optical  fiber  is  not  subject  to  electro¬ 
magnetic  interference  because  it  uses  light, 
not  electricity  Moreover,  fiber  optics  can 


■Takes 

■  The  Internet  Home  Alliance  this 

week  is  announcing  eight  new  mem¬ 
bers,  including  ADT,  CompUSA,  IBM, 
Samsung,  Sunbeam  and  Symbol 
Technologies.  The  group,  formed  to 
advance  the  home  technology  market, 
says  the  new  members  will  collabo¬ 
rate  on  pilot  projects  to  help  spur 
growth  in  the  nascent  market,  using 
technologies  that  in  time  will  help 
make  IT  more  transparent. 
www.internethomealliance.com 

■  Netgear  announced  last  week  a 
Gigabit  Ethernet  switch  for  small  busi¬ 
nesses.  Geared  to  graphic  design 
firms,  video  production  studios,  print 
shops  and  law  offices  that  require 
high  bandwidth,  the  GS108  is  an 
unmanaged  copper  Gigabit  Ethernet 
switch  with  eight  10/100/1000M  bit/sec 
ports.  The  device  provides  an  auto¬ 
uplink  feature  and  works  on  PC  and 
Macintosh  networks.  The  GS108  is 
available  for  about  $700.  www.net 
gear.com 


transmit  data  over  much  longer  distances; 
6.2  to  49.6  miles  over  singlemode  fiber¬ 
optic  cabling  vs.  a  few  thousand  feet  for 
copper  cabling  (see  graphic). 

Fiber-optic  technology  has  been  around 
since  1970  when  Corning  invented  the 
optic  cable.  Most  telephone  companies’ 
networks  are  fiber-based.  A  handful  of  up¬ 
scale  residential  developments,  mainly  in 
Texas,  Arizona  and  California,  have  even 
enjoyed  ultrahigh-speed  data,  video  and 
voice  applications  via  PCs  and  TVs  for  a 
number  of  years.  Built  from  the  ground  up 
with  fiber  cabling  or  a  mix  of  fiber  and 
coaxial  cables,  such  “connected  home 
communities”  also  provide  a  host  of 
nondigital  amenities  such  as  parks,  play¬ 
grounds,  golf  courses  and  restaurants. 

Betting  on  the  future 

Since  the  advent  of  fiber  to  the  home 
(FTTH)  technology,  the  question  has  been 
how  to  bring  it  to  existing  communities. 
Who’s  going  to  pay  for  it?  Does  the  expense 
justify  the  benefit?  Will  residents  subscribe? 
A  handful  of  municipal  governments  are 
finding  out  first-hand  as  they  embark  on 
ambitious  fiber-optic  projects.  Many  of  the 
areas  that  see  the  most  benefit  are  remote, 
are  ill-served  by  incumbent  cable  and  tele¬ 
phone  providers,  and  have  trouble  attract¬ 
ing  employers.  A  list  of  FTTH  projects  is  at 
www.nwfusion.com,  DocFinder:  2832,  but 
several  projects  are  cropping  up  in 
Colorado,  Utah  and  Washington  state. 

A  new  report  by  Render  Vanderslice  & 
Associates,  “Fiber  to  the  home  and  optical 
broadband,  2002,”  predicts  substantial  mar¬ 
ket  growth  in  the  coming  years.  Even  today, 
the  number  of  households  with  access  to 
FTTH  technology  has  almost  quadrupled 
since  last  year,  from  19,400  to  72,000  homes 
nationwide,  and  the  numbers  will  keep 
scaling  upward  until  they  reach  between 
800,000  and  1.4  million  homes  by 
September  2004. 

The  report  weeds  out  hybrid  fiber  coaxial 
cable  installations  and  projects  only  in  the 
early  planning  stages,  says  its  author  Mike 
Render.  Render  conducted  49  interviews 
with  vendors  and  other  experts  and  con¬ 
ducted  241  phone  calls  with  representa¬ 
tives  of  various  FTTH  projects  in  the  U.S. 
and  Canada.  And  to  get  a  sense  of  market 
awareness,  Render  conducted  a  survey  of 
key  FTTH  markets,  such  as  large  housing 
developers,  public  utility  companies  and 
incumbent  and  competitive  local  ex¬ 


change  carriers. 

Even  with  strong  numbers,  the  applica¬ 
tions  for  which  we’ll  want  (and  need)  fiber 
are  fuzzy  “If  history  is  any  guide,  some  of 
the  most  important  future  broadband  ap¬ 
plications  will  be  ones  that  are  not  yet  on 
the  list  of  conceived  possibilities,”  the  re¬ 
port  says.  Beyond  gaming,  movies  and  tele¬ 
working  with  full-motion  videoconferenc¬ 
ing,  other  intriguing  applications  could 
include  3-D  TV  virtual  art  museums,  and 
“narrow  casting,”  the  ability  to  deliver  thou¬ 
sands  of  TV  channels,  each  focused  on  a 
niche  audience.  For  a  list  of  possibilities, 
see  DocFinder:  2833. 

But  even  if  we  won’t  see  such  applica¬ 
tions  for  many  years,  Render  says  house¬ 
holds  will  need  ultrahigh  bandwidth  in 


coming  years  to  support  high-definition 
television  (HDTV)  and  to  run  applications 
on  multiple  displays  simultaneously  For 
household  members  to  watch  a  movie  on 
one  HDTV  play  interactive  games  on  a  sec¬ 
ond,  participate  in  a  videoconference  on  a 
computer  and  watch  a  lecture  on  demand 
on  a  fourth  display,  the  house  will  need  a 
58M  bit/sec  downstream  and  about  36M 
bit/sec  upstream  connection. 

Building  Utopia 

No  doubt  Thomas  More  would  have  con¬ 
sidered  2M  bit/sec  data  rates  Utopian,  but 
in  Utah,  UTOPIA  stands  for  the  Utah 
Telecommunications  Open  Infrastructure 
Agency,  the  cornerstone  of  a  marketing 
See  Fiber  optics,  page  26 
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Fiber  optics 

continued  from  page  25 

strategy'  by  Paul  Morris,  UTOPIAs  executive 
director.  Launched  in  April  2000,  the  agency 
is  embarking  on  the  largest  FTTH  project  in 
the  U.S.  Seventeen  municipalities  in  the 
state  have  joined,  and  the  agency  expects 


more  in  the  coming  months.The  participat¬ 
ing  towns,  from  Tremonton  in  the  north  to 
Cedar  City  in  the  south,  represent  75%  of 
Utah’s  population. 

UTOPIA  is  based  on  a  wholesale  or  “open 
access”  model,  whereby  the  municipalities 
own  the  infrastructure  and  ISPs  sell  ser¬ 
vices  on  top  of  it.  In  some  states,  communi¬ 


ties  also  sell  the  retail  communications  ser¬ 
vices  themselves,  competing  directly  with 
the  local  phone  and  cable  companies.  But 
Utah  and  some  others  are  prohibited  by 
law  from  competing  with  the  incumbents. 
Even  so,  Morris  says  the  open  access  model 
is  superior  because  it  drives  competition. 

“With  the  wholesale  model,  ISPs  will  com- 
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Protecting  your  email  system  is  more  important  than  ever— not  to  mention  challenging.  When  you  need  to  prevent 
spam,  provide  a  line  of  defense  against  viruses  and  manage  inappropriate  content  and  large  attachments, 
Message  Inspector  is  a  grand  slam  for  reliable,  hassle-free  email  content  filtering.  Add  Message  Inspector  to 
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pete  and  innovate,”  he  says.  “But  with  the 
retail  model,  the  governmental  entity  sells 
the  services.  It  becomes  the  third  monop¬ 
oly.  We  have  retail  water,  sewer  and  power, 
but  we  also  have  wholesale  streets  and  air¬ 
ports.  You  want  the  Jet  Blues  and  the 
Southwest  Airlines  to  be  free  to  innovate. 
You  want  the  government  to  own  the  air¬ 
port  but  not  to  run  an  airline.” 

Although  it’s  too  early  to  share  the  data, 
Morris  says  a  recent  feasibility  study  gaug¬ 
ing  community  interest  and  attitudes  about 
existing  service  providers  “looks  very  good.” 
He  says  he  expects  providers  will  offer  2M 
bit/sec  synchronous  Internet  service,  two 
phone  lines,  video  and  150-channel  digital 
TV  for  about  $100  to  SI 20  per  month. 

“Take  rate”  is  the  percentage  of  homes  and 
businesses  passed  that  subscribe  to  the  ser¬ 
vice.  The  higher  the  projected  take  rate,  the 
easier  it  is  to  attract  retail  service  providers. 
Once  the  ISPs  are  onboard  and  the  feasibil¬ 
ity  study  is  completed  (next  April,  Morris 
says),  UTOPIA  can  take  its  bonds  to  bond 
purchasers  to  fund  the  project. 

Zipping  along 

Grant  County  in  Washington  is  building  a 
Utopia  of  its  own.  Unlike  UTOPIA,  which 
plans  to  sell  bonds  for  funding,  its  fiber  pro¬ 
ject,  run  by  the  local  public  utility  district 
(PUD),  is  self-funded  by  two  hydroelectric 
dams  on  the  Columbia  River.  Grant  County 
PUD  (GCPUD)  sells  the  power  it  doesn’t 
need  on  the  open  market.  The  utility  also 
uses  a  wholesale  model  and  boasts  15  par¬ 
ticipating  ISPs. 

Two  years  ago,  Grant  County  turned  to 
fiber  out  of  frustration. The  telecom  incum¬ 
bents  sorely  underserved  its  residents. 
Cable  TV  providers  offered  only  32  analog 
channels  and  only  to  the  largest  towns.The 
county  had  no  DSL  or  cable  service,  and 
some  rural  areas  even  lacked  phone  ser¬ 
vice  —  unless  residents  were  willing  to  pay 
the  $20,000  to  $50,000  line  extension 
charge.  So  just  like  Grant  County  residents 
did  in  the  mid-1980s  when  they  started 
their  own  electric  power  company  they 
asked  the  county  to  provide  advanced 
communications  services,  which  became 
the  Zipp  Network. 

GCPUD  is  investing  $20  million  per  year 
(one-third  of  its  annual  operating  budget) 
in  the  six-year  project.  A  year  and  a  half  into 
the  project,  the  Zipp  Network  is  enjoying 
better-than-expected  take  rates.“By  now,  we 
only  expected  a  15%  take  rate, but  we’ve  got 
41%  at  the  outset,”  says  Jonathan  Moore, 
senior  telecommunications  engineer  at 
GCPUD.  Moore  says  he  expects  the  take  rate 
to  increase  to  as  much  as  60%  by  the  pro¬ 
ject’s  completion. 

“That’s  great  news  because  it  means  our 
payback  of  20  years  will  be  more  like  12  to 
15, "Moore  adds.So  far, 96%  of  customers  are 
signing  up  for  Internet, 35%  are  taking  Inter¬ 
net  and  video,  with  just  5%  opting  for  voice. 
Even  though  residents  without  phone  ser¬ 
vice  rely  on  cell  phones, Moore  says  GCPUD 
is  trying  to  raise  voice  adoption  rates  by 
making  it  a  health  and  safety  issue.  “If  your 
house  is  burning,  you  have  to  take  the  cell, 
jump  in  the  car,  then  drive  far  enough  away 
to  get  service  to  call  the  fire  department.”  ■ 
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Considering  an  upgrade  to  10G  Ethernet?  Need  to  fold  voice  into  your  IP  network?  Want  to  have  stored 
data  at  the  ready?  Hoping  to  untether  parts  of  your  network  with  wireless  access?  Before  you  delve  too 
far  into  any  of  these  areas,  you  need  to  take  a  long,  hard  look  at  your  network  and  its 
capabilities.  Attend  Network  World's  FREE  event  "State  of  the  LAN/MAN:  Re-engineering  for  Today's 
Enterprise  Demands"  to  find  out  how  to  create  a  network  blueprint  that  gracefully  addresses  the  needs 
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Don't  miss  out  —  sign  up  online  at 
www.nwfusion.com/events/lanman/register.jsp 

or  call  1-800-643-4668  now! 
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This  event  is  limited  to  qualified  IT  professionals  currently  involved  in  the  evaluation  and  purchase  of  LAN/MAN  products  and  services.  Network  World  reserves  the  right  to  determine  total  audience  profile. 
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Find  confidence  in  the  midst  of  chaos. 


Focus  on  the  best  in  network  security,  every  step  of  the  way. 


Start  with  a  secure  foundation. 

Our  operating  system,  IPSO,  is  built  from  the  ground  up  for  security. 
It  eliminates  many  vulnerabilities  common  to  general-purpose 
servers,  and  also  incorporates  our  patented  IP  Clustering  technology. 
Multiple  Nokia  security  appliances  can  be  linked  as  one,  on  the  fly, 
for  new  levels  of  performance,  reliability  and  scalability. 


Integrate  the  best  in  network  security  expertise. 

Partners  like  Check  Point  Software  Technologies,  Internet  Security 
Systems  and  F5  help  us  deliver  the  full  capabilities  of  their  VPN, 
firewall,  intrusion  protection,  and  Internet  traffic  management 
applications.  To  learn  about  the  other  ways  we  give  our  customers 
greater  peace  of  mind,  just  visit  www.nokia.com/ipsecurity/na. 
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Calendaring  standards  gain  popularity 


II  Nobody  asks  me  if  I’m  free  for  a  meeting  anymore. 
They  know  that  my  calendar  is  available  online.  9 9 


■  BY  CAROLYN  DUFFY  MARSAN 

Matt  Henry,  a  technical  architect  for  the 
advanced  technology  team  at  Kemet,  a 
Greenville,  S.C.,  electronic  component 
manufacturer,  recently  received  a  meeting 


Takes 


■  Nokia  and  Hewlett-Packard 

have  joined  forces  to  create  a  pack¬ 
age  for  remote  asset  management 
over  wireless  links,  the  companies 
said  last  week.  The  package  combines 
the  Nokia  M2M  Platform,  a 
machine-to-machine  communication 
product,  and  HP’s  OpenView  man¬ 
agement  software  on  an  HP-UX  or 
HP  ProLiant  server.  The  package  is 
targeted  at  companies  that  want  to 
integrate  management  of  remote  as¬ 
sets  into  their  IT  infrastructure.  Those 
assets  could  include  utility  meters, 
vending  machines,  forestry  equipment 
or  cars,  HP  and  Nokia  said.  HP’s 
salesforce,  helped  by  Nokia  experts, 
will  sell  the  package  while  HP's  ser¬ 
vices  organization  will  offer  related 
integration  and  consulting  services. 
The  Nokia  M2M  Platform  consists  of 
a  gateway  and  GSM  Connectivity 
Terminals.  The  gateway  establishes 
the  wireless  connection  and  handles 
IP  translation  between  local  and 
remote  applications,  while  the  termi¬ 
nals  provide  the  link  over  a  GSM  net¬ 
work.  The  companies  did  not  say  when 
the  product  will  ship  or  what  it  will 
cost,  www.hp.com; www.nokia.com 

■  Symark  Software  announced 
PowerBroker  3.0,  the  updated  ver¬ 
sion  of  its  Unix  administrative  tool 
for  granting  control  of  account  privi¬ 
leges,  controlling  access  to  files  and 
directories  and  logging  of  requests 
and  keystrokes.  Powerbroker  3.0, 
which  costs  $30,000  for  a  five- 
machine  license,  has  added  support 
for  AIX  5,  Solaris  9,  Debian  Linux  and 
IBM  S390  Linux,  and  now  can  use 
digital  signatures,  certificates  and 
Secure  Sockets  Layer  encryption  for 
security,  www.symark.com 


invitation  from  a  vendor  via  e-mail.  To 
Henry’s  surprise,  when  he  accepted  the 
meeting  it  was  entered  automatically  into 
his  online  calendar,  which  is  stored  on  the 
latest  version  of  Lotus  Notes. 

“The  invitation  looked  like  it  came  from 
within  Kemet,”  Henry  says.  “It  was  really 
neat  and  really  useful.” 

Henry’s  Notes  6.0  software  processed  the 
meeting  invitation  even  though  it  was  cre¬ 
ated  using  Microsoft  Outlook  2002.  That’s 
because  Notes  6  and  Outlook  2002  support 
an  emerging  calendaring  standard  called 
iCal,  which  allows  the  exchange  of  basic 
calendaring  information  across  the 
Internet. 

“With  Notes  6,  we  have  begun  to  see  the 


■  BY  ELLEN  MESSMER 

Computer-science  researchers  are  pre¬ 
dicting  that  new  types  of  dangerous  worms 
are  on  their  way  with  the  ability  to  infect 
Web  servers,  browsers  and  other  software 
so  quickly  that  the  Internet  could  be  taken 
down  in  a  matter  of  minutes. 

Although  still  very  much  a  theoretical 
threat,  the  killer  worms  described  in  the 
research  study  “How  to  Own  the  Internet  in 
Your  Spare  Time,”  are  triggering  some  skep¬ 
ticism  —  but  the  idea  of  them  is  seldom 
dismissed  as  outlandish  science  fiction. 

The  authors  of  the  research  present  a 
vision  of  the  future  where  worm-based 
attacks  use  hit  lists  to  target  vulnerable 
Internet  hosts  and  equipment,  such  as 
routers,  rather  than  scanning  aimlessly  as 
the  last  mammoth  worm  outbreaks, 
Nimda  and  Code  Red,  did  last  year.  And 
this  new  breed  of  worm  will  carry  dan¬ 
gerous  payloads  to  allow  automated 
denial-of-service  and  file  destruction 
through  remote  control. 

“Code  Red  and  Nimda  could  have 
spread  faster, and  they  didn’t  have  powerful 
payloads,” says  Stuart  Staniford,  president  of 
Silicon  Defense  and  co-author  of  the  re¬ 
search  paper  detailing  the  killer  worms. 
The  paper  was  published  with  two  Berk¬ 
eley,  Calif.,  scientists,  Vern  Paxson  and 
Nicholas  Weaver.  Weaver  is  a  graduate  stu¬ 
dent  at  the  University  of  California  at 
Berkeley,  and  Paxson  is  staff  scientist  at  the 
ICS1  Center  for  Internet  Research  in 
Berkeley  and  Lawrence  Berkeley  National 


Matt  Henry 

Technical  architect,  Kemet 


benefit  of  the  full  integration  of  many  of 
the  calendaring  standards  that  Outlook 
uses,”  Henry  says.  “Industry  standards  are 
starting  to  be  adopted  . . .  and  we’re  starting 
to  see  calendaring  integration  between 
e-mail  systems.” 

For  years,  group  calendaring  was  avail- 


Laboratory’s  network  research  group. 

In  “How  to  Own  the  Internet  in  Your  Spare 
Time,”  the  three  say  that  this  next  genera¬ 
tion  of  computer  worms  —  which  certain¬ 
ly  would  have  military  application  during 
war  —  will  carry  knowledge  about  a  spe¬ 
cific  server’s  vulnerability  and  propagate  at 
a  breathtakingly  high  rate  of  infection, “so 
that  no  human-mediated  counter-response 
is  possible.” 

Remedying  software  vulnerabilities  re¬ 
mains  a  huge  problem,  with  many  corpo¬ 
rations  saying  it  takes  about  a  day  or  two  — 
at  best  —  to  apply  software  patches  once  a 
software  vendor  has  acknowledged  a  vul¬ 
nerability  in  product  coding  and  supplied 
a  fix  for  it.  And  online  home  computer 


able  primarily  through  groupware  pack¬ 
ages  from  Lotus,  Microsoft  and  Novell. 
Employees  of  companies  that  standard¬ 
ized  on  groupware  could  access  each 
others  calendars  online,  find  free  times 
for  meeting  participants,  and  schedule 
See  Calendaring,  page  30 


users  are  often  wholly  unaware  of  these 
types  of  problems. 

Staniford  says  they  tested  the  papers  the¬ 
sis  in  a  lab  simulation  of  a  computer  worm 
designed  to  subvert  10  million  Internet 
hosts  over  low-speed  and  high-speed 
lines.  Supplied  with  its  own  hit  list  of  IP 
addresses  and  vulnerabilities  gained 
through  previous  scanning,  the  theoretical 
worm  could  infect  more  than  9  million 
servers  in  about  15  minutes.  They  called 
this  the  Warhol  worm  after  artist  Andy 
Warhol’s  quote  that  everyone  will  be 
famous  for  15  minutes.  A  similar  theoreti¬ 
cal  worm  they  coined  the  Flash  worm, 
blasted  out  from  a  622M  bit/sec  link, 
See  Worm,  page  3G 


The  worm  that  ate  the  Internet? 


Worm  with  teeth 


How  the  Flash  worm  would  strike  the  Internet  within  minutes: 


1  The  Flash  worm's  author  collects  a  2  The  Flash  worm,  with  a  dangerous  3  Once  the  worm  infects  its 
hit  list  through  stealth  scans,  DNS  payload  to  destroy  files  or  launch  first  set  of  targets,  it  divides 

searches,  Web-crawling  spiders,  a  a  denial-of-service  attack,  is  sent  into  “child  worms”  with 


public  survey  such  as  Netcraft  or  out,  programmed  with  a  9  million  preconfigured  chunks  of  IP 

listening  for  “broadcasts”  from  or  so  IP  address  hit  list  targets,  which  in  turn  divide 

other  worms  that  already  have  compressed  to  7.5-megabyte  file  again  once  they’ve  infected 

infected  Internet  hosts.  sent  over  a  high-speed  link.  their  targets. 
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Calendaring  standards  explained 

vCalendar  —  A  standard  that  dates  back  to  1996,  vCal  is  a  basic  electronic  calendaring  and  scheduling 
exchange  format.  It  was  developed  by  theVersit  Consortium,  whose  key  members  included  Apple, 
AT&T,  IBM  and  Siemens.  VCal  traditionally  has  been  used  in  handheld  devices  and  mobile  phones. 


iCalendar  —  ICal  outlines  a  common  format  for  the  exchange  of  calendaring  and  scheduling  information 
across  the  Internet.  A  product  of  the  Internet  EngineeringTask  Force,  iCal  was  published  as  a  standards 
track  document  in  1998. The  IETF  also  published  two  companion  protocols  in  1998:  iTIP,  which  specifies 
how  calendaring  systems  use  iCal  objects  to  interoperate  with  other  calendaring  systems;  and  iMIP, 
which  specifies  a  binding  between  iTIP  and  Internet  e-mail  transports.The  iCal  protocols  offer  basic 
calendaring  interoperability  such  as  sending,  receiving  and  responding  to  meeting  invites  among  users 
of  different  calendaring  software.  ICal  has  gained  support  across  the  messaging  industry  since  it 
became  available  in  Outlook  2002,  which  shipped  last  summer. 


Calendar  Access  Protocol  —  A  companion  to  iCal,  CAP  is  the  key  missing  link  in  calendaring 
interoperability  across  the  Internet.The  IETF  has  worked  on  CAP  for  several  years,  but  has  not  yet 
finalized  it.  CAP  lets  a  calendar  user  use  a  calendar  user  agent  to  access  an  iCAL-based  calendar 
store.  CAP  offers  advanced  calendaring  support,  including  the  ability  to  query,  create,  modify  and 
delete  iCal  events,  and  it  specifies  how  to  search  for  available  free  time.  Authors  of  the  CAP  drafts 
include  engineers  from  AOL/Netscape  and  Steltor. 


SyncML  —  An  XML  protocol  that  was  released  in  2000,  SyncML  supports  universal  synchronization 
of  data  between  devices,  particularly  wireless  devices.  Supporters  of  the  SyncML  Initiative  are  Ericsson, 
IBM,  Lotus,  Matsushita,  Motorola,  Nokia,  Open  Wave,  Starfish  Software  and  Symbian.The  first  compliant 
products  began  shipping  in  2001. 


Calendaring 

continued  from  page  29 

meetings  and  conference  rooms. 

But  these  capabilities  were  avail¬ 
able  only  between  employees  of 
the  same  company. 

Now  a  growing  number  of  mes¬ 
saging  vendors  are  beefing  up 
their  calendaring  capabilities  with 
support  for  standards  such  as  iCal. 

With  iCal,  users  of  different  mes¬ 
saging  client  and  server  software 
can  invite  each  other  to  meetings 
via  e-mail,  and  either  accept  or 
decline  those  invitations. 

“A  lot  of  organizations  are  look¬ 
ing  for  calendaring,  but  they 
want  it  to  perform  the  functional¬ 
ity  that  it  can  do  with  Exchange 
and  Notes,”  says  Mike  Osterman, 
president  of  Osterman  Research, 
which  tracks  corporate  use  of 
groupware."  [In  the  past]  a  lack  of 
calendaring  functionality  held 
some  messaging  products  back.” 

During  October,  three  messag¬ 
ing  vendors  announced  software 
that  supports  iCal: 

•  Lotus  improved  the  calendar¬ 
ing  capabilities  ofVersion  6.0  of  Notes  and 
Domino.  The  upgraded  groupware  pack¬ 
ages  support  iCal  and  offer  improved  cal¬ 
endar  interoperability  between  Notes  us¬ 
ers  in  different  companies. 

•  Mirapoint  added  calendaring  to  its 
messaging  appliances  with  the  release  of 
Messaging  Continuum,  software  that  sup¬ 
ports  personal  and  group  calendaring 
and  resource  scheduling.  Messaging  Con¬ 
tinuum  supports  iCal  and  the  older  vCal 
standard. 

•  Stalker  Software  added  calendaring 
and  scheduling  to  its  CommuniGate  Pro 
Messaging  Server  4.0.  Stalker  expanded  its 
support  for  Outlook’s  calendaring  features 
and  announced  plans  to  comply  with  iCal 


Worm 

continued  from  page  29 

would  take  even  less  time  to  “own”  the 
Internet. 

Just  as  the  U.S.  government  has  estab¬ 
lished  the  Centers  for  Disease  Control  to 
be  the  central  voice  in  matters  related  to 
national  health  risks,  it  would  benefit  the 
country'  to  set  up  an  operations  center  on 
virus-  and  worm-based  threats  to  cyberse¬ 
curity,  the  authors  say 

Richard  Clarke,  the  adviser  to  President 
Bush  on  cybersecurity  matters,  recently 
said  that  while  he  hadn’t  read  the  Flash 
worm  research  paper,  he  wouldn’t  dis¬ 
count  the  idea  of  a  very-fast-moving  worm 
of  this  type. 

As  it  happens,  the  draft  “National 
Strategy  to  Secure  Cyberspace"  report 
issued  this  month  contained  the  recom¬ 
mendation  that  the  government  fund  a 
network  operations  center  as  a  central 
point  for  threat  analysis  ■ 


and  vCal  later  this  year. 

These  messaging  vendors  join  Ipswitch, 
Novell  and  Sun,  which  already  support  iCal 
and  other  calendaring  standards  in  their 
enterprise-class  messaging  and  calendar¬ 
ing  software  products.  (See  graphic,  above.) 

Robert  Mahowald,  research  manager 
for  collaborative  computing  at  IDC,  says 
that  after  e-mail,  the  most  popular  fea¬ 
ture  in  groupware  packages  is  calendar¬ 
ing  and  scheduling.  That’s  why  it’s  a  nat¬ 
ural  add-on  for  other  messaging  ven¬ 
dors,  he  says. 

“For  a  company  that  needs  to  have  an 
integrated  collaborative  environment 
with  customer  application  development, 
e-mail,  and  calendaring  and  scheduling 
are  the  two  most  important  applications,” 
Mahowald  says.  “Companies  that  are 
used  to  that  are  not  going  to  take  it  away” 

Between  the  two  key  calendaring  stan¬ 
dards,  Mahowald  says  that  “iCal  is  more  of 
a  desktop  collaboration  standard  while 
vCal  is  more  for  mobile  applications.” 

Calendaring  is  one  of  the  most  popular 
applications  at  Kemet,  which  has  3,000 
employees  worldwide  who  use  Lotus 
Notes,  Domino  and  Sametime  instant¬ 
messaging  software.  Henry  estimates  that 
half  these  employees  regularly  use  the  cal¬ 
endaring  features. 

“Nobody  asks  me  if  I’m  free  for  a  meet¬ 
ing  anymore,”  Henry  says. “They  know  that 
my  calendar  is  available  online,  and  they 
check  my  free  and  busy  time  through 
Notes.  We  schedule  everything  through 
Notes  —  conference  rooms,  projectors, 
even  cars.  It’s  all  done  through  the  calen¬ 
daring  features.” 

Kemet  recently  upgraded  most  of  its 
servers  to  Domino  6,  and  it  has  about  40 
end  users  testing  Notes  6.  The  rest  of  the 
employees  use  a  mix  of  Notes  4.5  and  5.0. 


Henry  says  Kemet  was  upgrading  all  its 
users  to  Notes  5  when  the  economic 
downturn  hit  the  company  hard  18 
months  ago. That  upgrade  was  halted,  but 
Kemet  now  is  considering  migrating  its 
Notes  4.5  users  straight  to  6.0. 

Among  the  calendaring  features  in 
Notes  6.0  that  Kemet  users  like  best  are: 
the  ability  to  color-code  events  on  a  cal¬ 
endar,  coordination  with  to-do  lists  so  pro¬ 
ject  deadlines  appear  on  calendars,  and 
better  integration  between  Notes  and 
Sametime  to  allow  for  the  scheduling  of 
virtual  meetings  held  via  Sametime. 

“Lotus  has  done  a  tremendous  job  of 
getting  all  the  frustrating  little  things  to 
work,”  Henry  says.  “For  example,  if  you 
invite  somebody  to  a  meeting,  that  per¬ 
son  can  accept  or  decline  the  meeting 
by  e-mail.  Before,  if  you  accepted  the 
meeting  but  deleted  the  e-mail  invite,  the 
meeting  was  deleted  from  your  calendar. 
Now  you  have  a  window  that  pops  up 
asking  if  you  really  want  to  delete  the 
meeting  or  just  the  e-mail  inviting  you  to 
the  meeting.” 

Groupware  users  such  as  those  at 
Kemet  are  accustomed  to  a  broad  set  of 
calendaring  features  that  include  not 
only  the  ability  to  find  a  convenient 
meeting  time  and  to  schedule  a  meeting 
and  conference  room,  but  also  to  dele¬ 
gate  or  reschedule  a  meeting.  These 
users  want  to  access  calendaring  infor¬ 
mation  via  the  Web  and  synchronize  cal¬ 
endars  between  desktop  and  handheld 
machines. 

With  calendaring  standards,  users  want 
all  these  advanced  features  to  work 
across  diverse  platforms,  particularly 
between  Outlook  and  other  messaging 
software.  However,  iCal  only  supports 
exchanging  a  meeting  date  and  time, 


but  none  of  the  advanced  cal¬ 
endaring  features  such  as  look¬ 
ing  up  a  co-worker’s  free  and 
busy  time. 

“ICal  provides  the  barest  form 
of  interoperability”  says  Alan 
Lepofsky,  offerings  manager  in 
the  Lotus  messaging  solutions 
group.  “ICal  doesn’t  support  all 
the  workflow  applications  in 
Domino,  like  counterproposing 
a  meeting  time  or  delegating 
a  meeting.” 

Two  new  calendaring  stan¬ 
dards  —  Calendar  Access  Proto¬ 
col  (CAP)  and  SyncML  —  might 
provide  the  additional  features 
users  want.  CAP  is  a  server-side 
standard  still  under  develop¬ 
ment  that  will  complement  iCal 
and  offer  such  features  as  search¬ 
ing  other  people’s  free  and  busy 
time.  SyncML  supports  calendar 
synchronization  between  desk¬ 
top  and  wireless  devices. 

Sun  says  it  will  support  CAP 
and  SyncML  as  soon  as  those 
standards  are  ready. 

“Enterprises  would  like  to  see 
calendaring  standards  widely 
deployed,”  says  Manish  Punjabi,  product 
line  manager  for  communications  prod¬ 
ucts  at  Sun. 

“Most  Fortune  500  companies  do  some 
amount  of  mergers  and  acquisitions,”  Pun¬ 
jabi  says.“When  they  acquire  a  company, 
they  can’t  require  that  company  to  have 
the  same  e-mail  and  calendaring.  They 
want  to  have  any  client  on  the  front  end, 
but  have  standards-based  servers  on  the 
back  end.” 

“The  whole  world  is  waiting  for  CAR" 
says  Lynn  Madsen,  product  manager  for 
Novell’s  NetMail,  which  is  iCal-complaint 
Web-based  messaging  software  used  by 
Southwest  Airlines  and  the  University  of 
Kentucky. “CAP  will  allow  you  to  replace 
the  proprietary  groupware  functionality 
that  corporate  customers  want.” 

Until  CAP  and  SyncML  are  widely  de¬ 
ployed,  network  managers  say  their 
biggest  issue  in  calendaring  integration  is 
to  ensure  the  interoperability  between 
Outlook  and  other  messaging  software. 
That’s  why  many  messaging  vendors, 
including  Stalker  and  Ipswitch,  are  tweak¬ 
ing  their  products  in  other  ways  to  pro¬ 
vide  better  integration  with  Outlook.  ■ 


More  online! 


Look  online  for  a  chart  that  shows  which  vendors' 
packages  support  new  calendaring  standards. 
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A  winning  team:  High  tech  and  low  stress.  Introducing  the  IBM  (©server  iSeries“890. 32-way  processor,  twice 
the  memory  and  I/O1.  That’s  mainframe  power.  Dynamic  logical  partitioning,  self-optimizing  disk  management  and 
single-network  sign-on.  That’s  low-stress  simplicity.  So,  like  the  entire  iSeries  line,  the  i890  couples  high 
performance  with  ease.  For  a  paper  on  how  i890  can  deliver  mainframe  power  and  simplicity  to  your  business,  go  to 
ibm.com/eserver/i890.  Raise  your  standards.  Not  your  blood  pressure. 
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'As  compared  to  the  IBM  e Server  iSeries  840.  IBM.  the  e-business  logo.  eServer,  iSeries  and  e-business  is  the  game.  Play  to  win  are  trademarks  or  registered  trademarks  ot  International  Business  Machines  Corporation  in  the 
United  States  and  tor  other  countries.  Other  company,  product  and  service  names  may  be  trademarks  or  service  marks  of  others.  ©  2002  IBM  Corporation.  All  rights  reserved. 
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Does  it  hurt  to  be  castigated? 


You  can  tell  that  Steve  Ballmer  is  a 
Harvard  boy.  When  Microsoft’s  CEO 
was  asked  about  one  of  the  com¬ 
pany’s  public  relations  firms  getting  further 
ahead  of  the  truth  than  what  goes  for  nor¬ 
mal  at  Microsoft,  he  replied:“If  that’s  right,  I 


will  certainly  castigate  the  offender”  Natur¬ 
ally,  a  better  class  of  language  than  you 
would  expect  from  non-Ivy  League  schools 
like  the  trade  school  a  few  miles  down  the 
Charles  River.  We  train  ’em  good  here 
at  Harvard. 
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Complete  SAN  LAN  performance  tools. 

Finisar  has  been  offering  its  customers  the  tools  necessary  to  increase  efficient 
network  operation  for  over  14  years.  Finisar’s  family  of  network  analysis  and 
performance  testing  products  ensure  optimum  performance  through  constant 
monitoring,  measuring  and  analysis;  locating  and  repairing  problems  before 
they  cause  an  impact. 

Listening  to  customer  needs,  we  develop  products  that  are  flexible  and  scalable 
to  grow  and  evolve  with  today's  SAN  and  LAN  environments.  No  other  company 
offers  products  as  easy-to-use  and  easy-to-implement. 

Take  a  test  drive. 

Remove  the  gridlock  from  your  network.  Test  drive  Finisar  Performance  Tools  at 
www.fin isar.com  /testd  rive 


www.nwfusion.com 


The  incident  that  caused  Steve  to  get  so 
worked  up  was  one  of  the  dumber  things 
done  by  the  public  relations  side  of  a 
major  U.S.  corporation  in  years.  The  last 
case  like  this  that  I  can  remember  was 
AT&T  issuing  a  press  release  announcing 
that  the  one-time  biggest  company  in  the 
world  —  whose  stock  was  considered  safe 
enough  for  “widows  and  orphans”  (some  of 
you  readers  might  not  remember  those 
utopian  days)  —  was  adding  the  “Hot 
Channel”  to  its  cable  TV  companies’  line¬ 
ups,  thus  proving  two  things:  that  pornogra¬ 
phy  is  still  a  technology  driver;  and  that  PR 
departments  can  be  stunningly  naive. 

For  those  of  you  who  have  turned  off  the 
TV  until  after  the  elections  to  avoid  the 
stomach-turning  political  ads  (almost 
makes  one  lose  one’s  faith  in  democracy), 
Apple  Computer  has  been  running  ads  in 
which  people  talk  about  switching  from 
Windows  machines  to  Macs.  The  speakers 
in  these  ads  look  like  real  people  and  use 
what  seem  to  be  real  names.  In  this  case, 
Microsoft  put  up  its  own  “switching” 
Web  page. 

Called  “Confessions  of  a  Mac  to  PC  con¬ 
vert,”  the  page  purported  to  be  from  some¬ 
one  who  switched  to  Windows  XP  after 
owning  Macs  for  eight  years,  and  was 
thrilled  with  her  new  life.  And  the  switch 
was  easy:“I  was  up  and  running  in  less  than 
one  day,  Girl  Scouts  honor”  Maybe  the  Girl 
Scouts  should  join  the  parade  of  people 
suing  Microsoft,  because  there  was  no 
honor  in  this  switcher. 

The  story  did  not  ring  true,  so  it  did  not 
take  long  for  folks  to  start  poking  around 
and  find  the  name  of  a  public  relations 
firm  embedded  in  Word  documents  that 
accompanied  the  ad.  Another  example  of 
Microsoft’s  refusal  to  seriously  evaluate  the 
privacy  aspects  of  its  products  —  neat  that 
one  of  the  problems  bit  the  company  this 
time.  It  turned  out  that  the  whole  thing  was 
written  by  the  public  relations  firm  that 
works  for  Microsoft,  and  the  lovely  picture 
of  a  young  woman  looking  somewhere 
between  meek  and  plaintive  turned  out  to 
be  a  stock  photo  from  Getty  Images. 

Considering  the  state  of  Apple’s  sales,  it 
should  not  have  been  hard  to  find  a  real 
Mac-to-PC  switcher,  so  the  whole  episode 
gives  the  term  amateurish  a  whole  new 
context.  I  hope  Steve’s  castigation  message 
is  “speak  the  truth”  and  not  “don't  get 
caught.’Time  will  tell. 

Disclaimer:  I  could  not  find  a  Harvard 
class  on  castigation,  so  Steve  must  have 
done  some  postgraduate  study.  Anyway,  the 
above  observation  is  mine  alone. 


Bradner  is  a  consultant  with  Howard 
University's  University  Information  Systems. 
He  can  be  reached  at  sob@sobco.com. 
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More  online! 

Columnist  Dave  Keams 
recently  weighed  in  on 
Apple  s  ads.  Read  his  col¬ 
umn  and  reader  reaction. 
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mac-layer  port  locking 


Fastlron  Edge  Switches  let  you  do  more  with  less.  Compact  form.  Immense  capabilities 
Fastlron  Edge  Stackables  pack  more  power  into  your  wiring  closet  than  any  other  switch.  They  give  you 
tunable  functionality,  configurable  security,  and  simplified  management.  The  96-port  model  has  twice 
the  port  density  of  the  nearest  competitor.  With  a  common  user  interface,  standard-based  network 
management  support,  redundant  and  hot-swappable  power  supplies,  and  a  common  software  suite,  the 
Fastlron  Edge  switches  give  you  the  lowest  total  cost  of  ownership  and  the  highest  investment  value  of 
all  the  major  switches.  ( let  a  competitive  edge — get  a  Fastlron  Edge  Switch.  Call  1 .888.TURBOFAN 
(887-2652)  Or  www.foundrvnetworks.com/fes. 
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Wireless  LAN  attacks  grow  in  sophistication 


■  BY  JOHN  COX 

It  was  a  chilling  moment:  Jim  Bowen,  a  security  expert 
with  Internet  Security  Systems  of  Atlanta,  had  tracked 
down  an  unidentified  radio  signal  outside  the  build¬ 
ing  of  a  client. 

Someone  had  set  up  an  802.1  lb  access  point  near 
enough  to  be  able  to  receive  communications  from  wire¬ 
less  clients  inside  the  building.  Fbsing  as  an  official  access 
point  on  the  corporate  wireless  LAN,  this  decoy  could 
accept  traffic  that  revealed  key  data,  network  names  and 
media  access  control  (MAC)  addresses.  In  other  words,  a 
wealth  of  corporate  information  that,  if  passed  onto  a 
wireless  laptop  and  a  set  of  freeware  tools,  could  let  an 
outsider  access  resources 
on  the  wired  LAN. 

“This  shows  an  increased 
level  of  sophistication  in 
wireless  threats,” says 
Patrick  Wheeler,  an  1SS 
product  manager,  who 
oversees  software  called 
Wireless  Scanner,  which 
can  detect  such  decoys. 

“You  have  to  work  hard  to 
set  up  something  like  this 
that  close  to  the  corporate 
environment.” 

During  the  past  year,  wire¬ 
less  LAN  security  threats 
have  multiplied,  according 
to  users,  vendors  and  con- 
sultants.There  are  more 
attack  applications  avail¬ 
able,  the  applications  are  more  sophisticated  and  highly 
automated  and  the  weaknesses  of  various  wireless  hard¬ 
ware  and  software  products  are  documented  more 
extensively  and  precisely 

Attackers  are  continually  updating  freeware  utilities  and 
other  programs  for  such  things  as  automatically  unscram¬ 
bling  the  Wired  Equivalent  Privacy  (WEP)  encryption 
keys, which  form  the  basic, although  flawed, 802.1  lb  secu¬ 
rity  layer. These  programs  include  WEPcrack  and  Airsnort. 
Other  programs,  such  as  kismet,  pick  up  an  access  point’s 
Service  Set  Identifier,  which  acts  like  a  kind  of  password 
for  clients  to  join  the  wireless  LAN, 

“It’s  definitely  getting  to  the  point  where  we  need  to 
move  to  [a  VPN]  for  our  wireless  LAN,” says  Dennis  Moul, 
director  of  IS  for  CoManage,  a  Wexford,  Pa., carrier  soft¬ 
ware  vendor.  A  VPN  would  require  each  wireless  user  to 
authenticate,  for  example,  via  a  Remote  Authentication 
Dial-In  User  Service  server,  and  then  would  encrypt  or 
scramble  the  data  moved  between  the  wireless  devices 
and  the  access  point. 

But  even  a  VPN  can  be  exploited  in  the  wireless  world. 
The  decoy  mentioned  earlier  is  a  variant  of  the  so-called 
“man  in  the  middle" attack,  which  lets  an  intruder  glean 
network  information  about  access  points  or  client 
adapters,  such  as  MAC  addresses,  and  use  this  to  imper¬ 
sonate  already  authenticated  wireless  LAN  devices.  One 
university  network  manager  at  a  southeastern  university 
recently  invited  an  intrusion-detection  vendor  to  demon¬ 
strate  its  product  on  campus.  Within  minutes,  the  manager 
witnessed  two  attempts  at  identity  theft  —  using  someone 


else’s  authenticated  identity. 

During  the  past  year  there  has  been  an  upsurge  in  Web 
sites, such  as  www.wigle.net  (for  Wireless  Geographic 
Logging  Engine),  where  anyone  can  upload  readings 
from  wireless  detection  programs  such  as  NetStumbler, 
along  with  coordinates  from  a  satellite-based  geographic 
positioning  system. 

“You  can  find  the  exact  longitude  and  latitude  of  an 
access  point,” says  Fred  Tanzella,  chief  security  officer  for 
AirDefense,  which  makes  handheld  software  for  detecting 
and  finding  wireless  intrusions.“You  can  then  map  direc¬ 
tions  to  the  site  through  MapQuest  and  even  get  an  aerial 
photo  of  the  location.” 

Such  sites  have  made  last  year’s  phenomenon  of  “war 


driving” —  cruising  around  in  a  car  with  a  laptop  fitted 
with  a  wireless  adapter  card  and  sensitive,  or  high-gain, 
antenna  to  find  unprotected  corporate  access  points  — 
already  passe. 

“The  real  hackers  today  don’t  even  have  to  do  any  dri¬ 
ving,”  he  says. 

War  spamming 

Another  recently  developed  threat  is  war  spamming. 
Spammers  use  the  same  tools  and  lists  to  enter  a  corpo¬ 
rate  network  through  an  unsecured  access  point,  then 
hack  to  the  corporate  e-mail  or  Simple  Mail  Transfer 
Protocol  server.  Once  there,  they  use  the  corporate  facili¬ 
ties  to  send  out  a  blizzard  of  e-mails  promoting  services, 
political  beliefs  or  general  chaos.“For  the  company  that’s 
hacked,  their  ISP  may  suddenly  block  their  site  to  shut 
down  the  spammer]’ Wheeler  says.“And  it’s  often  hard  to 
get  unblocked. That  means  no  one  can  get  to  your  corpo¬ 
rate  email  [from  outside].” 

Sometimes  the  the  growing  sophistication  of  your  own 
employees  creates  the  problem,  according  to  Jay  Chaud- 
hryCEO  of  AirDefense.  Chaudhry  recently  met  with  a  large 
systems  integrator  where  network  executives,  concerned 
about  wireless  security,  had  banned  wireless  LANs.To 
enforce  the  ban,  IT  staff  routinely  made  the  rounds  of  the 
site  with  NetStumbler  loaded  on  wireless  laptops,  search¬ 
ing  for  any  “rogue”  access  points.They  didn’t  find  any 

Chaudhry  found  out  why.“Whenever  the  TP  police’  go 
around  with  NetStumbler,  the  users  simply  unplug  their 
access  points,  hide  them  in  a  drawer  or  cupboard,  and  set 


them  up  again  after  the  sweep  is  over,”  he  says. 

Hacking  is  in  large  part  a  repetitive,  trial-and-error  pro¬ 
cess.  Like  all  such  processes,  it  lends  itself  well  to  software 
automation. 

“What  I  have  seen  [in  the  past  year]  is  how  automated 
and  easy  it  is  for  even  low-level  attacks  to  be  carried  out,” 
says  A1  Lang,  COO  for  Fidelis  Security,  a  vendor  of  intru¬ 
sion-detection  systems  based  on  a  modified  version  of 
the  open  source  program  Snort.The  software  scans  net¬ 
work  packets, searching  for  patterns,  which  it  compares 
with  a  database  to  detect  surreptitious  attacks.“Hackers 
automate  their  attacks  on  a  range  of  TC1P/1P  addresses,” 
Lang  says.“You  can  find  thousands  and  thousands  of 
such  attempts  in  the  space  of  a  week.” 

Hackers  can  find  Web 
sites  that  have  file  after  file 
of  sample  attacks.These 
can  be  downloaded,  auto¬ 
mated,  and  they  just  sit 
there  [on  the  attacker’s 
computer]  and  run  and 
run  and  run,”  Lang  says. 
“There  are  a  lot  of  people 
who’ve  automated  the 
process  of  continually 
attacking  [the  network].” 

Countermeasures 

In  wireless  LANs,  as  in 
wired  networks, security  is 
a  multilayered  task.  In¬ 
creased  wireless  LAN  use 
and  the  growing  skill  of 
attackers  underline  the 
urgency  of  developing  countermeasures. 

Some  of  these  countermeasures  can  be  found  in  new 
software  and  hardware  tools.These  include  security 
servers  such  as  those  offered  by  Bluesocket,  Cranite  and 
Vernier.  Intrusion-detection  software  from  companies 
such  as  AirDefense  and  Fidelis,  which  is  doing  initial  test¬ 
ing  of  its  pattern-matching  software  with  select  cus¬ 
tomers,  are  the  latest  new  thing. 

But  many  countermeasures  are  basic,  proven  network 
security  architectures,  policies  and  procedures  that  need 
to  be  fine-tuned  for  wireless  networks.This  work  starts  by 
knowing  that  the  assumption  that  no  one  can  physically 
access  my  network  doesn’t  apply  when  the  network 
medium  is  a  radio  wave. 

CancerCare  of  Manitoba,  which  does  cancer  screening 
and  treatment  for  the  entire  province,  is  installing  Cranite 
Systems’ security  controllers  to  protect  wireless  LANs  at 
three  main  sites  in  Winnipeg  and  at  17  other  rural  sites.  At 
the  same  time,  network  administrators  constantly  monitor 
the  firewall  and  wireless  LANs  for  any  attacks,  and  regu¬ 
larly  run  internal  security  audits, says  Mark  Kuchnicki, 
CancerCare’s  director  of  IS. 

CoManage’s  Moul  continually  evaluates  the  wireless 
risk  to  his  company’s  data.  He  weighs  not  only  the 
expertise  level  of  potential  attackers,  but  also  what 
could  be  called  the  information  status  of  CoManage. 
“What  is  the  perceived  risk  to  this  company  at  this 
time?”  he  asks.“Right  now,  we’re  not  a  publicly  traded 
company.  If  we  were,  or  were  a  household  name,  that 
risk  would  be  different.”  ■ 


r  1 

Wireless  threats 

Attacks  against  wireless  LANs  are  evolving:  They  are  becoming  more  automated,  more 
sophisticated  and  target  more  weak  points.  Here  are  a  few: 

1  Threat  What  it  does 

Countermeasures 

Decoy  access  points  Wireless  LAN  clients  assume  the  decoy  is 

a  valid  access  point  and  connect. 

Mutual  authentication. 

Access  point  maps 

Web  sites  record  precise  location  of  any 
unsecure  access  points  and  directions  to  it. 

Security  architecture;  smart  deploy¬ 
ment;  authentication;  encryption. 

Invisible  access  points 

Radios  embedded  in  shipping,  receiving  and 
other  systems  create  open  back  door. 

Security  policies;  intrusion  detection. 

Automated  low-level 
attacks  on  WEP  keys, 
passwords,  addresses 

L _ 

Programs  run  repeatedly  to  ferret  out  and 
crack  an  array  of  weaknesses. 

Intrusion  detection;  security  architec¬ 
ture;  access  point  configuration 
management. 
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THE  MORE  SECURE  YOUR  FRONT  LINE 
fHE  MORE  SECURE  YOUR  BOTTOM  LINE 


MAKE  SECURITY  YOUR  STRENGTH 

Enlist  a  network  security  system  that  is  as 
much  about  your  ROI  as  it  is  about  deterring 
threats.  With  WatchGuard®  at  the  heart  of  a 
multi-layered  security  system,  you  get  ASIC- 
based  performance — and  when  your  data  is 
protected,  employees  are  more  productive  and 
budgets  are  saved.  So  you  can  concentrate  on 
maximizing  business  potential. 
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One  of  the  best  ways  to  spark  ideas  for  better 
security  is  yours  for  free.  Call  1-877-732-8780  or  visit 
www.watchguard.com/guide  to  get  a  complimentary 
copy  of  Better  Security:  A  Practical  Guide. 


Great  service  starts  with  knowing  what  customers  want.  That's  why  if  you're 
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a  CDW  customer,  you  get  the  same  account  manager  every  time  you  call. 
Over  time,  that  means  they  get  to  know  your  technology  set-up  and  your 
needs.  So  our  account  managers  are  more  responsive  and  more  passionate 
about  helping  every  Tom,  Dan  and  Susan  who  calls.  Because  they  know  Tom, 
Dan  and  Susan  personally.  For  more  information,  just  call  or  visit  our  Web  site. 


■  WIRELESS  ■  REGULATORY  AFFAIRS 


A  Verizon  president  sets  sights  on  AT&T 


Verizon  is  on  the  verge  of  winning  long-distance 
approval  in  all  15  of  its  local  states,  giving  the  carrier 
another  arrow  in  its  quiver  of  enterprise  services, 
which  already  include  local  voice,  many  flavors  of 
data  transport  and  network  management,  design  and 
integration  services.  Network  World  Senior  Writer 
Michael  Martin  recently  sat  down  with  Eduardo 
Menasce,  president  of  Verizon  Enterprise  Solutions 
Group,  to  discuss  the  evolution  of  the  telecom  market. 


You're  nearing  271-approval  in  all  your  local  states.  Initially  this  seems  to  be  more  of  a 
consumer  play,  but  what  does  it  mean  long  term  for  the  enterprise? 

It  means  we  can  become  not  an  [interexchange  carrier] ,  but  a  totally  differ¬ 
ent  entity:  One  that  can  leverage  extraordinary  local  capabilities  and  go  after 
[long-distance]  revenue  that  we  couldn’t  pursue  in  the  past.  We’re  nationwide, 
but  we  only  have  a  local  presence.  We’re  outstanding  in  New  Jersey  outstanding 
in  New  York.  However,  we  can’t  serve  a  customer  from  here  to  there.  271-relief 
lets  us  cross  that  river.  I’d  like  to  share  some  news  with  you,  but  I  can’t  because 
it’s  something  we’re  doing  in  a  couple  of  weeks.  I  can  say  customers  are  asking 
us  to  give  them  long-distance  —  voice  and  data.They’re  asking  us  to  make  the 
transition  from  a  [regional  Bell  operating  company]  —  not  to  an  IXC  —  but  to 
something  different. 

And  Verizon  is  very  well  positioned  to  do  that.  Looking  at  what  is  happening  in 


the  marketplace,  there  is  a  window  of  opportunity  When  we  formed  our  objec¬ 
tives  two  years  ago,  I  didn’t  think  the  market  would  go  in  the  direction  it  has.  I 
didn’t  expect  the  economic  downturn,  everyone  cutting  spending,  and  we  didn’t 
forecast  we  would  have  fewer  competitors.  We  couldn’t  foresee  the  demise  of 
WorldCom.  So  we  will  become  a  real  solutions  provider,  A-to-Z. 

AT&T  and  WorldCom  are  some  of  the  largest  competitive  local  exchange  carriers  today. 
How  do  you  see  them  as  competitors? 

AT&T  is  clearly  No.  1  in  the  large-business  customer  segment. They  have  a 
good  reputation  and  national  presence.They  are  the  strongest  IXC.  We’re  going 
after  each  other.  But  it’s  much  easier  [for  us]  to  go  after  long-distance.  It’s  less 
capital-intensive  to  move  from  local  to  long-distance  than  the  other  way 
around.  WorldCom  is  a  question  mark.  What  will  happen  to  them,  I  don’t  know.  1 
would  guess  they  will  [emerge  from  bankruptcy]  a  completely  different  com¬ 
pany  —  a  smaller  company  and  maybe  not  the  competitor  they  were  before. 
That  would  leave  us  two  strong  competitors:  AT&T  and  Sprint. 

When  you're  going  after  the  large-customer  segment  how  do  you  convince  someone  to 
shift  from  AT&T?  Is  it  price? 

People  are  maybe  more  price-sensitive  today  because  they  have  to  do  more 
with  less.  But  they  also  realize  that  price  is  not  the  only  game  in  town.  A  lot  of 
people  got  hurt  by  going  for  price.  People  are  looking  for  someone  who  can  pro¬ 
vide  the  entire  value  proposition  —  strong  company  facilities-based,  large  portfo¬ 
lio  of  products  and  services. 

See  Verizon,  page  38 


■  Infonet  announced  last  week  a 
partnership  with  Polycom  to  offer 
video-over-IP  services  for  its  global 
business  customers.  Infonet  is  pack¬ 
aging  Polycom  interactive  video  prod¬ 
ucts  with  its  dedicated  IP  services. 
Infonet  is  bundling  the  Polycom  Of¬ 
fice  products,  which  include  Poly¬ 
com’s  ViewStation,  iPower,  ViaVideo 
endpoints,  MCG  Video  Multipoint 
Control  Unit  and  MCG  Gateway.  Info¬ 
net  expects  to  ease  adoption  and  de¬ 
ployment  of  video-over-IP  by  offering 
a  service  that  includes  all  the  video 
equipment  needed. 

■  AT&T  Wireless  announced  last 
week  its  plans  to  make  available 
Web  enabled  Smartphones  run¬ 
ning  software  from  Microsoft  in 

the  U.S.  in  the  first  half  of  next  year. 
Similar  phones  go  on  sale  in  Europe 
this  month. 


NTT/Verio  rolls  out  CDN 

Offering  features  peering  points  in  U.S.,  London  and  Tokyo. 


■  BY  JENNIFER  MEARS 

ENGLEWOOD,  COLO.  —  NTT/Verio  has 
expanded  its  IP  services  by  adding  a  con¬ 
tent  delivery  feature  for  customers  who 
want  to  speed  Web  content  to  end  users 
around  the  globe. 

The  service,  called  Smart  Content  De¬ 
livery  was  launched  earlier  this  month. 
NTT/Verio  is  using  caching  and  switching 
devices,  as  well  as  caching  software,  from 
Foundry  Networks  and  Network  Appliance 
to  deliver  the  service.  It  employs  reverse- 
proxy  caching  and  global  load  balancing 
to  move  content  to  the  edge  of  the  NTT 
network  and  then  deliver  it  from  the  server 
closest  to  the  end  user. 

The  edge  caching  servers  are  in  four 
peering  points:  San  Jose;  Sterling,  Va.; 
London;  and  Tokyo.  Wayne  Lambert,  direc¬ 
tor  of  product  engineering  at  Verio, says  the 
company  is  planning  to  expand  the  ser¬ 
vice  by  adding  caching  servers  in  more 
locations. 

The  service  can  handle  static  content 


Taking  it  to  the  edge 

NTT/Verio’s  Smart  Content  Delivery 
service  speeds  the  delivery  of 
content  on  its  global  IP  backbone. 
The  service: 


Uses  reverse-proxy  caching  to  off-load 
static  content  and  streaming  media 
from  origin  servers. 


•  Uses  caching  servers  at  the  edge  of 
the  network  for  faster  delivery. 


•  Incorporates  global  server  load 
balancing  to  direct  end-user  requests 
to  the  optimal  edge  server,  depending 
on  content  requested  and  location. 

•  Handles  static  content  and  streaming 
media,  including  Windows  Media, 
RealOne  Player  and  QuickTime. 


and  streaming  media,  although  Secure 
Sockets  Layer  transactions  and  dynamic 
content  still  must  be  processed  at  origin 
servers.  Nevertheless,  Verio  says  that  tests 
conducted  by  Keynote  Systems  have 


service 


shown  Web  sites  perform  two  to  eight  times 
faster  because  of  the  ability  to  off-load 
some  of  the  content  from  origin  servers, 
pushing  it  to  the  edge  of  the  network. 

Daniel  Marion,  head  of  technology  at 
UEFA  Media  in  Nyon,  Switzerland,  says  the 
soccer  organization’s  Web  site  has  seen 
download  times  cut  in  half  and  has  re¬ 
duced  the  strain  on  its  origin  servers  — 
even  as  traffic  has  doubled  since  last  year 
—  since  it  began  beta-testing  the  NTT/ 
Verio  Smart  Content  Delivery  service  earl¬ 
ier  this  year. 

Verio  hosts  the  UEFA  Web  site,  which  aver¬ 
ages  between  1.5  million  to  2  million  page 
views  per  day  but  spikes  to  6  million  page 
views  on  game  days.  Marion  says  UEFA 
considered  content  delivery  network 
(CDN)  providers  such  as  Akamai  Tech¬ 
nologies,  Digital  Island  and  Mirror  Image 
before  settling  on  NTT/Verio’s  new  service. 
The  primary  reason,  he  says,  is  that  the  Web 
site  provides  real-time,  play-by-play  text  and 
graphics,  and  NTT/Verio  could  guarantee 

See  CDN,  page  38 
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In  a  recent  column  1  wrote  that  the  in¬ 
cumbent  local  exchange  carriers’ 
anger  over  unbundled  network  ele¬ 
ment-platform  pricing  was  misplaced.  I’ve 
gotten  a  lot  of  feedback,  and  I  appreciate 
the  time,  energy  and  thoughtfulness  that 
people  put  into  their  responses. 

Most  of  the  notes  were  some  variant  of 
“right  on,"  although  a  handful  of  them 
were  passionate  rebuttals.  Judging  from 
their  e-mail  addresses,  the  authors  were 
predominantly  ILEC  employees  —  no  sur¬ 
prise  —  but  not  from  the  marketing  or 
public  relations  departments.  These  were 
real  telecom  engineers  writing  about  their 
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real-world  experiences,  and  they  high¬ 
lighted  some  areas  that  could  use  further 
clarification. 

Here’s  a  summary  of  the  main  issues 
they  raised  and  my  responses. 

1)  Competitive  local  exchange  carriers 
(CLECs)  pay  artificially  low  rates  to  use 
networks  they  don’t  have  to  pay  to  man¬ 
age  or  maintain.  This  lets  them  reap  the 
profits  without  making  the  necessary 
investments. 

Uh,  what  profits?  Have  you  noticed  how 
many  CLECs  have  gone  broke  in  the  past 
24  months?  If  this  argument  held  water, 
the  ILECs  would  be  falling  all  over  them¬ 
selves  to  take  advantage  of  the  rules  and 
resell  each  other’s  networks.  Why  isn’t 
Verizon  selling  services  on  SBC  Commu¬ 
nications’  network  and  vice  versa? 

The  truth  is  that  nobody’s  making  a 
killing  in  this  market.  And  that’s  not  be¬ 
cause  UNE-P  is  unfair.  It’s  because  the  mar¬ 
ket  value  of  residential  services  continues 


to  drop.  That  puts  a  huge  amount  of  pres¬ 
sure  on  the  providers  of  these  services  to 
survive  with  lower  margins,  reduce  operat¬ 
ing  costs  or  both  —  which  brings  us  to  the 
second  point. 

2)  Necessary  investments  include  big 
iron  switches,  engineers  with  hard  hats 
and  tool  belts,  vans  and  the  like.  Wrote 
one  reader:  “You  need  to  actually  have  a 
network  to  invest  in  it  and  make  it  more 
efficient.”  Another  said:  “How  many  hard 
hats  and  tool  belts  did  [the  CLECs]  buy 
this  year?” 

Well  folks,  this  is  the  crux  of  the  matter. 
Regular  readers  will  note  that  I  try  hard  to 
distinguish  between  service  providers 
and  bandwidth  providers.“Bandwidth”is  a 
low-value  commodity  these  days  —  and 
that  includes  residential  dial-tone. 

Anyone  who  wants  to  be  in  the  band¬ 
width  business  needs  to  figure  out  how  to 
reduce  operating  costs  —  and  that  means 
using  technology  effectively  to  reduce  (not 


increase)  the  number  of  big  iron  switches, 
vans  and  tool  belts  they  purchase. 

What  that  means  in  human  terms  is  lost 
jobs.  And  here’s  a  heartbreaker:  The  peo¬ 
ple  at  greatest  risk  are  the  good  guys,  the 
ILEC  employees  who  resisted  the  “get-rich- 
quick”  mindset  of  the  '90s,  stayed  on  the 
job,  and  took  care  of  their  families  and 
customers. 

Yes,  what’s  happening  in  the  telecom 
industry  is  painful.  And  the  pain’s  not  over 
yet.  But  don’t  blame  UNE-P  Blame  senior 
management  at  the  ILECs  for  not  realizing 
where  the  market  was  headed  and  for 
wasting  their  dollars  on  lobbyists  and 
lawyers  instead  of  making  the  necessary 
investment  to  upgrade  from  bandwidth  to 
service  providers. 

Johnson  is  president  and  chief  research 
officer  at  Nemertes  Research,  a  technology 
research  firm.  She  can  be  reached  at  johna 
@nemertes.com. 
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that  fresher  content  would  be  delivered 
from  edge  servers. 

“As  we  host  in  an  NTT/Verio  data  center 
and  we’re  traveling  on  the  NTT  backbone, 
we  can  guarantee  that  content  is  updated 
more  or  less  in  real  time.  We  never  expe¬ 
rience  problems  by  having  content  repli¬ 
cated  and  having  a  delay  on  the  server 
locations  they  have. ...  We  were  able  to 
guarantee  that  our  live  content  is  the  same 
in  every  location  they  have  their  CDN 
deployed,”  he  says. 

Because  the  other  providers  used  over¬ 
lay  networks  within  multiple  ISPs,  they 
couldn’t  guarantee  the  quality  of  service 
UEFA  needed,  Marion  says. 

Still,  NTT/Verio  might  be  at  a  disadvan¬ 
tage  when  trying  to  sell  the  service  to 
new  customers  looking  for  the  broader 
reach  an  Akamai  CDN  can  offer  with 
nearly  13,000  edge  servers  in  hundreds 
of  ISPs,  analysts  say. 

“The  way  [NTTA/erio  is]  positioning  this 
is  as  a  value-add  to  their  existing  hosting 
customers  and  a  value-added  extra  to 
induce  some  of  their  access  customers  to 
use  them  for  hosting,"  says  Melanie  Fbsey, 
program  manager  of  Web  hosting  at  IDC. 
“It's  not  really  a  stand-alone  product.” 

NTT/Verio,  along  with  competitors  such 
as  AT&T,  are  approaching  the  content 
delivery  issue  from  a  different  direction 
than  multibackbone  providers  such  as 
Akamai  and  Speedera,  analysts  say.  The 
network  service  providers  contend  that  by 
leveraging  their  existing  backbone  and 
peering  relationships  they  can  provide 
comparable  services  at  lower  prices. 

Analysts  see  growth  in  both  approach¬ 
es,  and  IDC  predicts  the  CDN  services 
market  will  grow  from  $288.1  million  in 
2001  to  more  than  $2  billion  in  2006. 

NTT/Verio’s  Smart  Content  Delivery  ser¬ 
vice  is  available  now.  Pricing  starts  at  about 
$1,500  per  month  ■ 
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And  customers  would  like  to  have  a 
choice.They’d  like  to  have  another 
provider  that  could  be  as  strong  or 
stronger  than  AT&T, so  they  aren’t  in  the 
hands  of  one  provider. 

The  other  RBOCs  don’t  have  the  same  reach  as 
you  do  since  your  acquisition  of  GTE.  How  will 
they  shape  up  as  competitors? 

They  will  be  competitors.  It  will  depend  on  their  geographi¬ 
cal  reach.  We’ve  already  started  to  move  outside  of  our  fran¬ 
chise.  We  added  to  existing  GTE  networks  in  Dallas,  Seattle 
and  Los  Angeles  in  a  near  out-of-franchise  strategy  We 
deployed  facilities  there  to  compete  with  the  local  players. 
The  expansions  were  close  to  existing  distribution  points.  For 
example,  in  Dallas  we  were  on  the  outside  of  Dallas,  but  not 
in  the  big  business  district.  We  added  facilities  in  the  business 
areas.  Essentially  we’re  trying  to  follow  the  customer. The 
same  customer  who  has  an  office  in  New  York  might  have 
one  in  Dallas,  L.A.  or  Seattle.  And  eventually  we  can  attract 
new  customers  there,  too. 

We  also  have  a  presence  on  the  international  side.  We 
deployed  a  network  that  follows  our  customers  outside  of  the 
U.S.We  can  do  business  between  the  U.S.and  Europe, 
Canada,  Latin  America,  Asia. 


How  do  you  deal  with  out-of-franchise  markets?  Do  you 
see  yourselves  moving  into  Chicago,  for  example? 

We  are  a  player  in  Chicago  already  We  don’t 
have  facilities  there.  But  [we  have]  our  network- 
integration  business,  whether  it’s  installing  [cus¬ 
tomer  premises  equipment]or  maintaining  and 
managing  networks.  We  manage  networks  for  our 
customers  on  a  nationwide  basis.  So  in  Chicago,  we 
could  design  the  network,  provide  the  boxes, 
install  and  maintain  the  network. 


More  online! 


Would  you  manage  the  transport  as  well? 

Yes,  we  do  that. We  could  manage  the  cus¬ 
tomer’s  frame  relay  network,  even  if  it’s  not 


Verizon  might  be  gunning  for  long-distance 
gains,  but  it's  also  trying  for  strides  in 
other  areas,  such  as  convergence. 

DocHnder  2838 


Verizon  frame  relay  We  monitor  that  out  of 
our  network  operations  center. 

What  types  of  new  services  are  coming? 

You  have  frame  relay,  transparent  LAN 
services  that  are  important.  Regional  ded¬ 
icated  optical. The  whole  area  of  man¬ 
aged  network  services  is  taking  off  very 
fast.  IP  Centrex,  IP  VPN,  dense  wavelength 
division  multiplexing.  And  voice  over  IP 
which  is  slowly  getting  there. 

Wireless  LANs  are  coming  along.  It’s  still 
not  ready  for  prime  time  in  the  enterprise 
because  of  security  issues,  but  we’re  getting 
there  and  we’re  starting  to  resell  some  of  the  boxes.  What  we 
really  want  to  do  is  provide  a  managed  network  service,  where 
we  manage  the  wireless  LAN. 

Is  frame  relay  still  the  data  service  of  choice? 

It  is  still  a  very  strong  product.  We  thought  at  some  point  it 
was  going  to  slow  down,  but  it  is  still  selling  very  well. 

Is  it  still  smaller  than  private  lines? 

Yes.There’s  a  big  legacy  of  private  lines.  But  private  lines  are 
only  growing  at  1%  to  2%  annually.  Frame  relay  is  growing  18% 
to  20%  a  year. 

Do  cable  TV  providers  compete  at  all  for  enterprise  customers? 

1  don’t  want  to  minimize  the  possibilities  here.  But  I  don’t  see 
that  the  cable  companies  by  themselves  are  going  to 
become  enterprise  players.They  don’t  have  the  net- 
works.They  don’t  have  the  reputation.They  don’t 
have  the  knowledge  and  they  don’t  have  the 
expertise.  It’s  too  much  of  a  leap. 


Unbundled  network  element  pricing  -  the  require¬ 
ment  that  RBOCs  must  resell  network  resources  to  com¬ 
petitive  carriers  -  looks  like  it  might  be  changing.  What 
needs  to  change? 

I  don’t  know  exactly  what  the  ideal  situation 
would  be.  I  do  know  what  we  have  today  is 
not  ideal. The  way  things  are  designed  today, 
it  allows  people  to  use  our  network  at  prices 
that  are  below  our  costs.  1  don’t  think  that 
makes  any  sense.  ■ 
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\  KRITAS  Software  owns  4o%  ol  the  hatkiip  nt  i<  I  recovery  software  'market 
lot-  l  \l\  and  Windows  environment*,  according  to  a  leading  indnstn  analyst. 
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into  powerful  problem  solvers.  Now's  the  time  to 
check  out  the  most  powerful  line  of  network  trou¬ 
bleshooting  tools  ever  designed.  Tools  for  everything 
from  connectivity  testing  to  fixing  traffic  jams  and 
configuration  snafus.  Why  now?  Because  they  can 
also  show  you  some  other  amazing  vistas.  Like  a  free 
trip  to  see  Paris  from  the  Eiffel  Tower.  Rio  from  Sugar 
Loaf  Mountain.  Japan  from  Mt.  Fuji.  Zimbabwe  from 
Victoria  Falls.  Or  the  Grand  Canyon  from  the  South 
Rim.  It's  the  perfect  opportunity  to  see  more  of  your 
world  at  play  —  and  more  of  your  world  at  work.  So 
go  to  www.flukenetworks.com/vista  now  and  take 
a  tour  of  our  new  troubleshooting  solutions.  Then 
register  to  win  the  trip  of  a  lifetime.  Bon  voyage! 


Go  to  www.flukenetworks.com/vista  to  take  a 
virtual  tour  and  enter  to  win  a  trip  of  a  lifetime! 


For  official  rules  and  regulations  go  to  www.flukenetworks.com/vistarules 
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■  SONET  switch  start-up  Akara 
and  facilities-based  carrier  Light- 
Wave  Communications  last 
week  announced  the  launch  of 
Lightwave's  storage-over-SONET 
managed  service  offering,  which 
uses  Akara’s  OUSP  SONET  multi¬ 
plexer.  The  companies  also  an¬ 
nounced  that  Web  hosting  provider 
Digex  is  deploying  Lightwave’s 
new  service. 

LightWave  is  providing  Digex  with 
a  managed  service  offering  that 
maps  native  Gigabit  Ethernet  onto 
Lightwave’s  SONET  ring  and 
transports  the  data  between  data 
centers  in  Virginia  and  Maryland 
using  OUSP. 

Akara's  OUSP  adapts  Gigabit 
Ethernet  traffic  originating  from 
Digex-owned  routers  onto  a  SONET 
OC-12  interface  for  transport 
through  Lightwave's  network. 

LightWave  provides  metropolitan 
optical  access  services  that  inter¬ 
connect  carrier  hotels,  data  centers 
and  Verizon  central  offices  within 
the  Washington,  D.C.,  to  New  York 
corridor,  www.akara.com;  www. 
lightwavecom.com 

■  Native  Networks,  a  vendor  of 
metropolitan  Ethernet  systems  for 
optical  access  networks,  last  week 
announced  the  appointment  of 
Rami  Hadar  as  CEO.  Hadar  was 
co-founder  and  executive  vice  presi¬ 
dent  of  marketing  and  business 
development  of  Ensemble  Com¬ 
munications,  a  wireless  broadband 
access  company. 

Before  founding  Ensemble,  he 
was  the  co-founder  and  CEO  of 
CTP  Systems  in  Israel.  In  1995, 

CTP  was  acquired  by  DSP  Com¬ 
munication,  which  was  eventually 
acquired  by  Intel.  Native’s  prod¬ 
ucts,  designed  for  deployment  in 
first-mile  metropolitan-access 
infrastructure,  transport  and 
aggregate  metropolitan  Ethernet 
packets  alongside  legacy  circuits/ 
TDM  services  over  dark  fiber, 
SONET/SDH  infrastructure  or 
dense  wave  division  multiplexing. 
www.nativenetworks.com 


Redback  CEO  views  industry 
downturn  as  opportunity 


The  impact  of  the  telecom  down¬ 
turn  on  the  larger  players  is  well- 
chronicled.  But  even  though  affected 
similarly,  some  smaller  players  are 
viewing  the  slump  as  an  opportuni¬ 
ty  to  strut  their  stuff.  Redback 
Networks  President  and  CEO  Kevin 
DeNuccio  recently  shared  his  per¬ 
spective  with  Jim  Duffy,  managing  editor  of  Network 
World’s  The  Edge. 

What  are  your  chief  differentiators  from  Cisco  and  Juniper? 

If  you  look  at  [subscriber  management  systems  (SMS)] 
and  what  Redback  built,  it  built  an  operating  system  for 
the  first  time  with  user-to-network  in  mind,  not  network-to- 
network.  If  you  look  at  [Cisco’s]  IOS  and  the  way  it  was 
architected,  it  was  designed  for  the  enterprise,  a  multipro¬ 
tocol  router.  It  was  the  only  IP  operating  system, so  it 
moved  in  and  became  the  Internet  as  well.  Juniper 
[entered  the  market]  by  building  a  core  operating  system. 
They  [entered  the  market]  at  the  high  end  when  Cisco 
couldn’t  scale  up. 

SMS  beats  Cisco  everywhere  around  the  world.  How 
does  little  Redback  beat  Cisco  in  the  routing  space  unless 
it  truly  had  a  technology  advantage?  I  ran  sales  at  Cisco 
for  seven  years.  We  couldn’t  beat  Redback  in  aggregation. 
Here  I  am.  I  think  the  DSL  model  is  how  you’re  going  to 
manage  data  networks. 

The  foundation  architecture  that  sits  there  [in  SMS]  is 
so  dramatically  different  from  what  anybody  else  has, 
it  can’t  be  replicated  for  years.  IOS  and  JUNOS  think 
about  IP  connectivity;  they  don’t  think  about  services 
and  users. 

What  about  (Unisphere's)  Unison? 

The  underlying  Unisphere  operating  system  is  modified 
from  industry-standard  code  that’s  off-the-shelf. They  basic¬ 
ally  took  off-the-shelf  software  and  laid  SMS  on  top  of  it. 
They  can  get  8,000  users  on  a  box,  which  is  better  than 
Cisco,  and  rivals  our  low-end  system. They  built  a 
pretty  good  platform  and,  in  my  opinion, 
became  our  only  viable  competitor.  Cisco, 
because  of  their  size  and  presence,  is  in  the 
bids  all  the  time.  But  they  are  not  a  viable 
competitor. 

I’m  glad  about  the  Juniper  acquisition  of 
Unisphere  because  I'd  rather  have  two  competi¬ 
tors  than  three  of  us  or  four,  because  it  does 
confuse  the  issue.  I  think  the  challenge  for 
Juniper  is  they  view  their  strength  as 
the  percentage  they  were  able  to 
gain  in  the  core,  and  they  wanted  to 
take  JUNOS  and  move  it  to  edge. 

They’ve  been  fairly  unsuccessful  at 


More  online! 

Get  the  background  on 
CEO  Kevin  DeNuccio's  strategy  to  pin 
Redback's  comeback  hopes  on  the  router. 

DocFinder  2836 


that, selling  baby  core  routers  at  the  edge.  It’s  unclear  to 
me  how  they  are  going  to  sort  through  their  operating  sys¬ 
tem  and  SMS  stuff.  But  they’re  going  to  be  deficient  to 
what  I  think  our  capabilities  are.  We  have  something.The 
customers  realize  it  and  that’s  why  we’re  able  to  win.  As  a 
small  company  against  these  guys,  people  want  an  alterna¬ 
tive  to  the  [Cisco  7500  router]  and  they  want  an  alternative 
to  Cisco.  I  think  we  have  it. 

You  have  fewer  competitors  but  they're  big  and  varied. 

At  some  level,  technology  becomes  a  driver.  When  you  talk 
about  orders  of  magnitude  difference,  when  you  talk  about 
a  box  that  can  do  2,000  VPNs  vs.  200. ...  Our  strategy  is  first  to 
be  viewed  as  one  of  three  choices  the  customer  has  in  the 
IP  world. The  next  step  under  that  is  to  convince  the  world 
that  we’re  the  alternative  on  the  edge,  just  the  way  Juniper 
became  the  alternative  in  the  core. There's  that  much  differ¬ 
entiation  in  it  that  Cisco  just  can’t  bowl  over  us  and  just  sink 
us  on  a  given  deal  like  I  used  to  do  day  in  and  day  out. 

The  other  aspect  that  we  have  that’s  to  our  advantage  is 
we  have  the  top  300  companies  around  the  world.  We  have 
17  of  the  top  20  DSL  networks,  we  have  every  [regional 
Bell  operating  company], we  have  every  [interexchange 
carrier], We’re  not  a  foreign  entity  to  these  guys. Verizon  has 
900  routers  of  ours  in  their  network  today  That’s  twice  what 
they  have  of  Cisco.  Despite  Juniper’s  size,  we  have  a  better 
customer  base  than  they  do. They’re  not  in  the  [post,  tele¬ 
graph  and  telephone  administrations]  and  RBOCs.They’re 
in  the  ISPs  and  the  IXCs.Those  are  not  the  customers  that 
are  surviving  this  wave  of  destabilization. 

Are  you  targeting  multicable  service  operators  aggressively 
given  the  impending  collision  between  RBOCs  and  MSOs? 

We  are  just  beginning  to  [target  MSOs] .  In  countries 
where  cable  companies  run  like  the  RBOCs  do  —  they 
offer  broadband  as  a  wholesale  service  to  ISPs  or  to  con¬ 
tent  providers  —  there’s  an  SMS  model  usually  in  place. 
We  play  in  that  kind  of  space  around  the  world.  In  the 
U.S.,they  have  not  been  doing  that  today.  But  they’re  just 
coming  around.  We  have  some  significant  opportunities 
that  we’re  working. 


Is  Redback  looking  to  get  into  the  cable  modem  ter 
mination  systems  business? 

I’ve  been  paring  down  what  we  do  given  that 
we  need  to  get  more  focused. We’re  focused 
now  and  have  significant  differentiation.You 
mentioned  optical  transport.  We’ve  really  backed 
down  on  our  investment  there, significantly.  We 
haven’t  discontinued  the  product  line  but  we  got 
a  very  small  R&D  team  so  we  really  down¬ 
sized  the  R&D  team.  Strategically,  we’n  > 
taking  care  of  our  customers  and  we're 
doing  the  features  that  our  customers 
are  demanding  us  to  do.  We  will  migrate 
a  lot  of  those  networks  to  routing.  3S 
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.  ^prise-class  security,  access  and  management,  Fiberlink  has  you  covered. 

Just  how  secure  is  your  remote  access?  How  dependable  is  it?  How  hard  is  it  to  manage?  If  you  want  easy  answers  to  these 
tough  questions,  you  need  Fiberlink.  •  Only  Fiberlink  delivers  a  level  of  integrated  security,  access  and  management  that  optimizes 
remote  access  —  anytime,  anywhere.  The  confidence  of  policy-enabled  remote  access,  with  integrated  authentication,  intrusion 
detection,  VPN,  distributed  firewall  and  virus  protection.  And  robust  tools  that  give  end-users  easy  access  and  administrators 
fewer  headaches.  It's  no  wonder  that  leading  industry  analysts  recommend  Fiberlink  to  their  clients.  Did  we  also  mention  that 
.  our  customers  typically  reduce  their  costs  by  as  much  as  80%? 

Learn  more  at  or  call  Nl  fJV  today.  Before  you  catch  something. 

■ 

Qlohal  R^inDte:  ^pr‘mbb'i!e professionals  Fiberlink  Secure  Broadband:  tor  telecommut-  s  Fiberlink  Global  Connect 


SHAPING  YOUR  NETWORK 


Network  taps  enable  passive  monitoring 

the  area  of  the  board  where  regenerating 
and  directing  the  signal  takes  place. 
Copper  taps  are  beginning  to  feature  fail¬ 
safe  reserve  power  within  the  tap  to  main¬ 
tain  this  availability 

If  power  is  not  available,  the  bypass  cir¬ 
cuit  closes, so  the  transmitted  signal  passes 
directly  to  the  receiving  network  device. 
The  bypass  circuit  requires  no  external  in¬ 
put,  so  copper  taps  remain  passive. 

On  the  monitoring  side,  all  taps  are  dual- 
transmit  devices,  transmitting  both  sides  of 
the  signal  from  a  full-duplex  link.  By 
design,  taps  don’t  have  receive  ports  on  the 
monitoring  side, so  they  can’t  receive  infor¬ 
mation  from  the  attached  monitoring  de¬ 
vice.  This  can  effectively  render  the 
attached  monitoring  device  invisible  to  the 
network,  eliminating  it  as  an  attack  target. 

Tap  technology  is  used  for  monitoring  in¬ 
line  network  traffic,  particularly  for 
switched  networks.  Installing  taps  can  add 
unprecedented  visibility,  allowing  com¬ 
plete  access  to  traffic  on  any  link.  Because 
taps  are  passive  and  do  not  interfere  with 
the  datastream,  taps  can  be  deployed  per¬ 
manently  in-line  without  affecting  network 
performance.  Once  taps  are  in-line,  man¬ 
agers  and  administrators  can  monitor  with¬ 
out  changing  any  network  connections, 
enabling  24-7  monitoring  with  zero  down¬ 
time,  with  any  device. 

Taps  are  available  for  all  major  network 
technologies,  including  10/100M  bit/sec 
Ethernet,  Gigabit  Ethernet,  10  Gigabit  Ether¬ 
net,  Fibre  Channel, SONET  an  ATM. 

Fisher  is  the  marketing  manager  for  Net 
Optics,  a  leader  in  passive  tap  and  matrix 
switching  technology.  She  can  be  reached  at 
afisher@netoptics.  com. 


how  it  works  Network  taps 

Network  taps  transmit  traffic  to  an  attached  man¬ 
agement  device  without  affecting  the  datastream. 


■  BY  AMY  FISHER 

Network  taps  are  used  to  create  perma¬ 
nent  access  ports  for  passive  monitoring.  A 
tap,  or  test  access  port,  can  be  set  up  be¬ 
tween  any  two  network  devices,  such  as 
switches,  routers  and  firewalls. 

It  can  function  as  an  access  port  for  any 
monitoring  device  used  to  collect  in-line 
data,  including  intrusion  detection,  proto¬ 
col  analysis,  denial  of  service  and  remote 
monitoring  tools. 

A  monitoring  device  connected  to  a  tap 
receives  the  same  traffic  as  it  would  if  it 
were  located  directly  on  the  wire. 

The  tap  can  send  traffic  data  to  the  mon¬ 
itoring  device  by  splitting  or  regenerating 
the  network  signal.  Neither  splitting  nor 
regeneration  introduce  delay  or  change 
the  content  or  structure  of  information 
packets. 

Network  taps  modify  the  strength  of  the 
transmitted  network  signal, so  that  it  can  be 
received  by  the  other  network  device  and 
the  monitoring  device  attached  to  the  tap. 

Taps  are  called  passive  devices  because 
they  don’t  act  on  network  traffic.  If  a  tap 
fails,  traffic  continues  to  run,  and  the  net¬ 
work  is  not  affected. 

In  the  case  of  fiber  taps,  the  key  internal 
components  —  fiber-optic  splitters  —  do 
not  require  power.  So  they’re  not  vulnera- 


Got  great  ideas 


■  Network  World  is  looking  for  great 
ideas  for  future  Tech  Updates.  If  you 
have  one  and  want  to  contribute  it  to  a 
future  issue,  contact  Features  Editor 
Neal  Weinberg  (nweinbergtg)  nww.com). 


ble  to  a  power  outage.  Two  key  aspects  of 
fiber  taps  are  split  ratio  and  light  source. 

The  splitter  divides  the  light  signal  into 
two  wavelengths,  and  the  tap  needs  to 
make  sure  the  network  signal  has  enough 
strength  to  make  it  to  its  destination. 

Fiber  taps 

The  split  ratio  for  fiber  taps  is  determined 
by  factors  such  as  the  devices’  transmitter 
strength  and  receiver  sensitivity  net  losses 
from  cable  connections  and  length. 

Because  the  goal  is  to  maximize  the  sig¬ 
nal  retained  in  the  network,  the  optimal 
split  ratio  is  the  highest.  So  if  70-to-30, 60- 
to-40  and  50-to-50  split  ratios  are  viable, 
then  splitters  with  a  70-to-30  split  ratio  are 
optimal. 

Splitters  also  need  to  support  the  light 
source  used  on  the  links.  For  example, 


Gigabit  SX  devices  transmit  data  using  850- 
nm  lasers,  so  Gigabit  SX  taps  should  have 
compatible  splitters. 

This  ensures  accuracy  in  the  insertion 
losses  dictated  by  the  chosen  split  ratio. 
Performance  will  not  degrade  from  the 
laser  light  intensity  which  could  occur  if 
splitters  supporting  lower-intensity  LED 
transmission  were  used  on  these  links. 

Copper  taps 

Copper  taps  regenerate  the  transmitted 
network  signal,  instead  of  splitting  it. 
Regeneration  amplifies  the  signal  to  a  level 
where  it  can  be  received  by  the  other  net¬ 
work  device  and  the  monitoring  device. 

Regenerating  the  electrical  signal  takes 
place  on  a  powered  board. When  power  is 
available  to  the  tap,  the  electrical  signal 
passes  through  an  open  bypass  circuit  to 


Dr.  Internet 


By  Steve  Blass 


Can  Ethernet  networks  support  quality  of  service? 

Raw  Ethernet  networks  do  not  provide  quality  of 
service  (QoS)  policy  management  controls  direct¬ 
ly.  Ethernet  QoS  policy  management  can  be  pro¬ 
vided  through  LAN  switching  equipment  by  using 
certain  extensions  to  the  Ethernet  standard.  The 
802.1Q  Ethernet  specification  includes  a  tag, 
inserted  into  Ethernet  frames,  that  defines  virtual 
LAN  membership.  Three  bits  in  this  tag  identify 
priority  as  defined  by  802.1  D  (previously  802.1  p)  to 


provide  for  eight  priority  levels.  Switches  and 
routers  can  use  the  tag  to  give  traffic  precedence 
by  queuing  outgoing  frames  in  multiple  buffers. 
802.1  D  provides  Differentiated-Services  function¬ 
ality  for  Ethernet  segments.  Diff-Serv  is  an  IETF 
specification  that  works  at  the  network  layer  by 
altering  the  IP  type-of-service  field  to  identify  par¬ 
ticular  classes  of  service.  Diff-Serv  is  a  class-of- 
service  management  scheme  rather  than  a  true 
QoS  implementation,  Other  internetworking  proto¬ 
cols  available  for  supporting  QoS  are  Resource 


Reservation  Protocol,  used  to  reserve  end-to-end 
network  resources  for  a  particular  network  flow 
(in  one  direction);  Real-Time  Transport  Protocol, 
which  is  optimized  to  deliver  real-time  data  such 
as  audio  and  video  streams  through  multiplexed 
UDP  links;  IP  Multicast;  and  Multi-protocol  Labe! 
Switching. 

Blass  is  a  network  architect  at  Changed) 
Work  in  Houston.  He  can  be  reached  at 
dr.internet@changeatwork.com. 
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Our  friend  Bob  runs  a  very  good  soft¬ 
ware  development  company.  And 
one  talent  he’s  proud  of  is  being  a 
god  of  Microsoft  Excel  pivot  tables. 

This  might  not  seem  like  a  big  deal  to 
you,  but  the  ability  to  analyze  data  and 
turn  it  into  information  is  crucial  when 
you  are  running  a  business,  particularly 
when  you’re  dealing  with  software  devel¬ 
opment,  which  tends  to  generate  all  sorts 
of  curious  statistics  and  data  sets.The  abil¬ 
ity  to  perform  a  fast,  ad  hoc  analysis 
makes  life  much  easier. 

Now  like  many  people,  you  might  have 
heard  of  pivot  tables,  but  like  most,  you 
might  not  have  figured  out  how  to  use 
them.  So  this  week,  we’ll  explain  how  they 
work  and  how  you  might  use  them. 

A  pivot  table  is  a  tool  that  creates  cross¬ 
tabulations.  This  means  you  can  ask 
questions  such  as  how  many  times  a 
data  item  occurs  (for  example,  how 
many  Web  access  attempts  to  each 


Become  a  pivot  table  god 


unique  Web  site  are  in  the  log?)  or  how 
many  times  that  data  item  occurs  in  rela¬ 
tion  to  other  data  items  (how  many 
times  did  each  employee  access  each 
individual  Web  site?). 

Let’s  say  you  have  a  log  file  (we  talked 
about  syslog  in  this  column  some  time 
ago  —  see  www.nwfusion.com,  Doc- 
Finder:  2837)  of  SNMP  traps  captured  by 
Kiwi  Syslog  Daemon  from  a  LinkSys 
EtherFast  DSL  router. 

With  a  little  judicious  configuring  of 
Syslog  Daemon’s  filters,  you  can  create  a 
capture  file  of  all  Internet  requests  by 
selecting  only  SNMP  messages  that  origi¬ 
nate  from  the  IP  address  of  the  DSL 
router.  After  a  bit  of  massaging  (replac¬ 
ing  all  spaces  with  tabs  and  adding 
headings  to  each  column),  you  can 
open  the  file  in  Excel. 

You  should  now  have  your  data  in 
columns  and  those  columns  should 
include  date,  time,  destination  IP  address, 
source  IP  address,  destination  port  and 
source  port. 

Next,  under  Excel’s  Data  menu  option 
you  click  on  PivotTable  and  PivotChart 
Report.  This  invokes  a  wizard  that  asks 
from  where  you  are  going  to  get  your 
data.  You  accept  the  default  of  “Microsoft 
Excel  list  or  database”  and  click  Next. 


Then  you  select  the  data  range,  the  des¬ 
tination  for  the  pivot  table  (a  new  sheet) 
and  click  finish.  What  you  get  is  a  table  on 
the  new  sheet  with  a  dialog  box  labeled 
PivotTable  Field  List  and  a  tool  palette 
labeled  PivotTable. 

The  table  at  this  point  has  no  contents.  It 
does,  however,  have  regions  outlined  in 
blue  that  sport  the  labels  Drop  Row  Fields 
Here,  Drop  Column  Fields  Here,  Drop  Data 
Items  Here  and  Drop  Page  Fields  Here.  By 
dragging  and  dropping  the  fields  from  the 
PivotTable  Field  List  onto  the  various 
regions,  you  can  create  different  analyses 
of  the  data. 

For  example,  using  the  data  you  have, 
drag  the  To  IP  Address  field  to  the  Drop 
Row  Fields  Here  region,  From  IP  Address 
field  to  the  Drop  Column  Fields  Here 
region,  and  the  Time  field  to  the  Drop 
Data  Items  Here  region  and  voila! 

You  now  have  a  table  that  tabulates 
how  many  times  each  source  IP  address 
has  attempted  to  access  each  destina¬ 
tion  IP  address,  complete  with  totals  for 
each  row  and  column,  and  a  grand  total. 

Now  drag  the  Date  field  to  the  Drop 
Page  Fields  Here  region. You’ll  notice  that 
if  the  field  has  multiple  values  when  you 
drop  a  field  on  a  region,  there  will  be  a  tri¬ 
angle  to  the  right  of  the  title.  Clicking  on 
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the  title  produces  a  list  of  the  data  items 
so  you  select  what  you  want  included. 

In  the  row  and  column  regions  you  can 
select  which  values  are  displayed,  while 
selections  in  the  page  region  control 
which  groups  of  field  and  row  items  are 
used.  In  our  example,  selecting  dates  in 
the  page  region  will  restrict  which  “from" 
and  “to”  IP  addresses  are  included  in  the 
table,  letting  you,  in  effect,  sort  by  date. 

Grief  saver 

The  value  of  pivot  tables  lies  in  ad  hoc 
analysis.  Where  you  don’t  need  them  is 
where  there’s  a  ready-made  tool  for 
analysis.  For  example,  Web  logs  usually 
are  better  analyzed  with  specifically 
designed  analysis  tools.  But  when  you 
run  up  against  the  limits  of  an  analysis 
tool  or  wind  up  (as  seems  all  too  com¬ 
mon)  with  a  data  set  for  which  no  tool 
exists,  pivot  tables  can  save  you  from  all 
sorts  of  grief  writing  custom  code  to  han¬ 
dle  the  job. 

There’s  a  lot  more  to  pivot  tables  and  no 
end  of  compendious  tomes  on  the  sub¬ 
ject.  With  a  little  work,  you  can  learn  how 
to  use  them  effectively  and  become,  like 
Bob,  a  god  of  pivot  tables. 

Tabulate  to  gearhead@gibbs.com. 


Quick  takes 
on  high-tech  toys 

By  Keith  Shaw 


Siemens  launches  new 
GSM  phones 

Siemens  Mobile  recently 
announced  a  bunch  of  GSM 
devices  for  North  American 
wireless  users,  with  the  aim  of 
increasing  its  presence  in  the  U.S. 

The  phones  from  Siemens  include: 

•  The  S56,  a  mobile  phone  with  a 
detachable  camera  and  integrated 
flash.  The  phone  will  let  users  send 
images  via  Multimedia  Messaging 
Service,  Siemens  says.  It  is  General 
Packet  Radio  Service  (GPRS)-capable 
for  high-speed  wireless  data  access, 
and  includes  Bluetooth,  Java  for 
download  of  business  applications, 

polyphonic  ring  tones,  a  color  screen,  hands-free  voice 
dialing,  voice  command  and  voice  memo. 

•  lhe  CT56,  which  Cingular  Wireless  will  sell  by  year-end. 
The  phone  includes  eight  changeable  CLIPit  covers,  and 
has  Enhanced  Messaging  Service  (EMS)  capabilities  that 
add  pictures,  video, graphics  and  sounds  to  text  messages.lt 
is  GPRS-capable  and  has  Java  for  downloads,  polyphonic 
ring  tones,  hands-free  voice  dialing  and  voice  command. 
Siemens  says  the  C56,  similar  to  the  CT56,  also  will  be 
offered  to  non-Cingular  customers. 

•  The  A56,  an  entry-level  phone  that  includes  eight 
changeable  covers,  is  GPRS-enabled  and  includes  EMS 


Siemens  hopes  to  in¬ 
crease  its  U.S.  presence 
with  new  GSM  devices. 


text-messaging. 

Siemens  also  says  its  M46  phone  will  work  on  the 
T-Mobile  network.  Its  SX56  Pocket  PC  Phone  will  be  sold 
through  AT&T  Wireless  for  $550. 

For  more  information  on  the  new  phones,  go  to  www 
siemens-mobile.com. 

Four  cool  Web  server  tools 

Port80  Software  has  four  new  Web  server 
software  modules  for  Microsoft’s 
Internet  Information  Server 
that  it  says  can  “address  the 
gaps  between  IIS  and  the 
Apache  Web  server  func- 
!  tionalit/ 

The  modules  — 
URLSpellCheck,  Custom- 
Error,  ServerMask  and 
f  CacheRight  —  aim  to  increase 
security  performance  and  user 
/  experience  for  IIS  users,  the 
company  says.  Details  of  the 
software: 

•  URLSpellCheck  ($120)  fixes  mis¬ 
typed  URLs  and  broken  links  automatic¬ 
ally  as  requests  come  into  the  Web  server. 

•  CustomError  ($30)  is  a  custom-error  page 
management  system  for  developers. The  company  says  all 
error  pages  are  integrated  with  a  site’s  design  to  give  useful 
direction  to  Web  site  users. 

•  ServerMask  ($25)  adds  to  security  from  low-level  hack¬ 
ers  by  changing,  hiding  or  obscuring  server  header  data  in 
an  HTTP  transaction. 

•  CacheRight  ($150)  adds  intelligent  cache  management 
for  developers  to  reduce  bandwidth  utilization  and 
increase  the  page  load  speed  of  a  Web  site. 

All  four  modules  offer  a  free  30<lay  trial.  Go  to  www. 
port80software.com  for  details.  The  software  supports 


Windows  NT,  2000  and  XP  with  IIS  4.0, 5.0  and  5.1. 

Sitekeeper  2.0  released 

Executive  Software  has  unveiled  the  newest  version  of  its 
systems  management  tool,  Sitekeeper  2.0. 

New  features  include  support  for  XP  (in  addition  to  Win 
2000,  NT,  ME  and  95);  an  inventory  tracker,  which  lets  an  IT 
manager  instantly  see  what  hardware  and  software  is 
deployed  throughout  a  site;  a  license  tracker,  which  shows 
software  license  compliance;  Pushlnstaller,  which  lets 
users  rapidly  install  or  uninstall  software, updates, upgrades 
and  patches  on  selected  machines  throughout  a  site  from 
a  central  location;  and  support  for  laptops  and  machines 
intermittently  connected  to  a  network. 

More  information  is  available  at  www.execsoft.com. 


Sony  gives  surfing  lessons  to  robot  dogs 

Sony’s  Entertainment  Robot  America  division  has 
released  AIBO  Speed  Board,  a  four-wheel  scooter  device 
that  lets  the  robot  dogs  skate.  The  Speed  Board  will  be 
available  in  mid-November  for  about  $250. 

Compatible  robot  models  will  be  able  to  respond  to 
voice  commands.so  users  can  tell  the  AIBO  to  “turn  left”or 
“turn  right,"  Sony  says.  For  more  information,  go  to  Sony’s 
AIBO  Web  site  (www.us.aibo.com). 

Shaw  can  be  reached  at  kshaw@nww.com. 


BUSINESS  TECHNOLOGY  OPTIMIZATION 


The  intelligent  way  to  reap  the  rewards  of  your  IT  investment. 


Your  company  has  paid.  And  built.  A  lot.  All 
because  of  an  exciting  vision.  The  vision 
that  IT  would  send  your  company  charging 
toward  its  business  goals  faster  than  ever 
before.  So  have  you  paid  enough?  You  have. 
With  Mercury  Interactive’s  new  Business 
Technology  Optimization  suite 
your  company  will  at  last  realize 
the  full  power  of  your  IT 
investment.  You’ll  finally  see 
tangible  results  by  reducing 


MERCURY  INTERACTIVE 


IT  costs.  Improving  the  quality  of  IT-enabled 
business  processes.  And,  most  importantly, 
aligning  IT  with  your  business  goals.  Can  it 
really  work?  Mercury  Interactive  has  spent 
the  last  thirteen  years  helping  75%  of  the 
Fortune  500  in  remarkable  ways.  Be  absolutely 
sure  to  learn  more  about 
Mercury  Interactive’s  new 
comprehensive  BTO  solutions 
by  viewing  our  Webcast  today  at 
www.mercuryinteractive.com/cxo_corner/nw 


©  2002  Mercury  Interactive  Corporation.  Mercury  Interactive  and  the  Mercury  Interactive  logo  are  registered  trademarks  of  Mercury  Interactive  Corporation. 
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EDITORIAL 

John  Gallant 


Web  Services 
Showdown  to 
rock  ComNet 

One  of  the  innovations  we’re  proudest  of  at  Network 
World  is  our  Showdown  debates.  Since  the  mid- 
1990s,  we’ve  brought  together  the  leading  vendors 
in  virtually  every  key  technology  area  to  argue  the  pros 
and  cons  of  their  products  and  strategies. 

Network  management,  frame  relay,  operating  systems, 
voice  over  II?  switching,  broadband,  Linux,  application 
service  providers  —  you  name  the  issue,  we’ve  staged  a 
FbwerFbint-free  debate  on  the  topic. 

Just  about  every  major  technology  company  has 
stepped  up  to  participate  —  AT&T, Cisco,  IBM,  Microsoft, 
SBC  Communications,  Sun  and  many  more.  We’ve  held 
debates  at  NetWorld+Interop,  Linux  World,  ComNet, 
Comdex, Voice  on  the  Net  and  almost  every  other 
important  conference  in  the  IT  industry  Thousands  of 
customers  have  attended  and  learned  from  the  robust 
debate. 

Happily,  the  Showdown  tradition  will  continue  in  2003. 
Thanks  to  the  good  folks  at  ComNet,  who  took  a  chance 
and  let  us  stage  our  first  Showdown  in  1995,  I’ll  be  hosting 
a  Web  Services  Showdown  from  12:45  to  2  p.m.  Jan.  28  at 
the  ComNet  conference  in  Washington,  D.C. 

Web  services  are  the  talk  of  the  tech  town  these  days. 
They  promise  to  make  the  extended  enterprise  a  reality  — 
linking  applications  and  resources  across  private  networks 
and  the  Internet  to  smooth  business  transactions  and 
boost  productivity  But  what’s  the  reality  behind  the 
megahype  surrounding  Web  services?  What  works  and 
what  doesn’t?  Who's  supporting  what  standards? 

That’s  what  we’ll  explore  at  the  Web  Services 
Showdown.  1DC  analyst  and  Web  services  expert  Tony 
Picardi  will  join  me  in  grilling  four  leading  suppliers  of 
Web  services. 

Then,  we’ll  let  the  vendors  ask  each  other  questions 
and  take  questions  from  the  audience.  No  one  will  know 
the  questions  in  advance,  and  the  Q&As  will  be  candid 
and  unscripted. 

So  who’ll  be  up  on  stage?  Tony  and  I  are  challenging 
BEA  Systems,  IBM,  Microsoft  and  Oracle  to  send  their  top 
technology  strategists  to  take  part  in  the  debate.The  com¬ 
panies  will  have  until  Nov.  20  to  let  me  know  if  they  are 
up  to  the  challenge.  If  one  of  them  balks,  we’ll  invite  a 
competitor. 

Not  to  worry.  In  seven  years,  we’ve  only  had  a  couple  of 
companies  shirk  from  the  challenge.  1  have  no  doubt  that 
BEA,  IBM,  Microsoft  and  Oracle  will  jump  at  the  chance 
to  outline  their  Web  sendees  strategies. 

Now  it’s  up  to  you  to  mark  the  date  on  the  calendar. 

Join  us! 

—  John  Gallant 
Editorial  Director 
jgallant@nww.  com 
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More  on  GoToMyPC 

In  discussing  ExpertCity’s  GoToMyPC  in  his  column 
‘“Always  on’  programs  pose  an  ‘always  on’  threat” 
(www.nwfusion.com,  DocFinder:  2823),  Kevin  Tolly 
states:“While  there  is  clearly  no  evil  intention  on  the 
part  of  ExpertCityl  find  it  unsettling  to  have  scads  of 
corporate  desktops  in  constant  communication 
with  a  third-party  service  that,  through  its  ‘mole,’  can 
determine  how  often  your  PC  is  busy  when  you’re  in 
the  office  and  so  forth.” 

It’s  more  than  unsettling. This  is  essentially  a  third- 
party  VPN  that  your  company’s  IT  group  might  not 
have  approved.  Using  it  might  violate  corporate 
security  and  network  policies,  such  as  who  owns 
and  runs  your  company  perimeter  services  (that’s 
what  a  VPN  is), your  acceptable  use  policyyour  auth¬ 
entication  policy  and  others.  One  possible  approach 
to  deal  with  this  is  to  block  all  outbound  IP  traffic 
from  your  company  to  the  GoToMyPC  subnet. 

Paul  Dodd 
Seattle 

In  light  of  Steve  Janss’  favorable  review  of 
GoToMyPC  (“Telework  tools  that  work,”  DocFinder: 
2824),!  was  surprised  to  note  inaccuracies  in  Kevin 
Tolly’s  statements  about  the  security  and  administra¬ 
tive  features  of  GoToMyPC  Corporate  3.0. 

Tolly  states,  “While  the  company  offers  packaged 
enterprise  services,  they  don’t  offer  an  ‘opt  out’  for 
companies  that  don’t  want  to  let  desktops  in  their 
domain  use  the  service.”  This  statement  warrants 
correction.  GoToMyPC  does  offer  a  free  service  to 
organizations  that  wish  to  prevent  unauthorized  use 
of  GoToMyPC.  The  Authorization  Management 
Service  (AMS)  allows  an  organization  to  permit  only 
authorized  corporate  accounts  to  use  GoToMyPC 
Corporate  within  their  corporate  LAN.  The  service 

E-mail  letters  to  jdix@nwtv.com  or  send  them  to  John  Dix,  Editor  In 
Chief,  Network  World,  118  Turnpike  Road,  Southborough,  MA  01772. 
Please  include  phone  number  and  address  for  verification. 


blocks  personal  and  other  corporate  accounts  from 
setting  up  or  accessing  a  computer  within  the  LAN. 
The  service  is  open  to  any  organization  that  would 
like  to  restrict  usage  of  GoToMyPC  within  their  LAN. 

The  AMS  has  been  a  widely  successful  program 
since  its  introduction  in  May.  We  explain  the  AMS  in 
our  FAQ  on  the  GoToMyPC  Web  site  (www.goto 
mypc.com). 

Heidi  Wieland 
Manager,  Corporate  Communications 
John  Connolly 
Product  Manager, 
GoToMyPC  Corporate  Products 
ExpertCity 
Santa  Barbara,  Calif. 

Tolly  replies:  I  am  glad  to  see  that  this  feature  is 
available.  In  conducting  my  research,  /  investigated 
the  information  supplied  in  the  Corporate  section  of 
your  site  rather  than  the  generic  Help  path  off  of  your 
home  page.  I  suspect  that  noncustomer  companies 
looking  to  block  GoToMyPC  access  would  have  as 
difficult  a  time  as  /  did  in  finding  the  information 
buried  in  a  general  FAQ  page.  A  prominent  icon  about 
AMS  on  the  Corporate  page  and  an  online  form  to  fill 
out  to  request  it  would  be  welcome. 

Who  needs  land  lines? 

Regarding  Johna  Till  Johnson’s  column  “Why  the 
cable  companies  will  win”  (DocFinder:  2825): 
Another  point  to  ponder  is  the  increased  use  of  cell 
phones.  Many  households  are  getting  rid  of  their 
land  lines  altogether  and  using  their  cell  phones.  For 
them,  it’s  more  practical  and  cost-efficient  to  just  use 
a  cable  broadband  offering.  I’m  renting  an  apart¬ 
ment  and  will  use  my  cell  phone  exclusively  rather 
than  purchase  a  telephone  service.  I  also  will  get 
cable  TV  and  a  cable  modem  for  Internet  access. 

Sean  Heffley 
Pittsburgh 


More  online!  www.nwftision.com  Find  out  what  readers  are  saying  about  these  and  other  topics.  DocFinder  2821 
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OUT  OF  THE  BOX 

John  Hagel 


f  eb  services  are  being  deployed  today 
at  a  surprising  pace.  In  fact,  deploy¬ 
ments  might  be  underway  already 
within  your  company  without  you  knowing 
about  it.  Why?  Often,  corporate  executives  lead  these  initiatives.  They 
want  to  move  quickly  to  solve  a  business  problem  and  don’t  want  to 
attract  a  lot  of  attention  from  central  IT.  They  worry  that  IT,  concerned 
about  the  immaturity  of  the  technology,  will  try  to  delay  their  efforts. So 
they  fund  undercover  efforts  to  deploy  the  technology 

Want  another  worry?  Based  on  a  survey  of  early  adopters,  the 
majority  of  these  deployments  are  at  the  edge  of  corporations, 
crossing  firewalls  to  connect  with  business  partners.  These  aren’t 
just  harmless  experiments  behind  the  firewall.  They  support  mis¬ 
sion-critical  business  processes  with  either  suppliers  or  distribution 
channels. 

What  should  IT  executives  do?  First,  resist  the  temptation  to  find  and 
punish  the  guilty  Instead,  applaud  the  fact  that  business  executives  are 
grabbing  on  to  a  new  technology  and  championing  its  deployment. 

Next,  inventory  existing  initiatives  deploying  Web  services.  Make  them 
visible.  Find  out  which  initiatives  need  help  and  work  to  support  them. 

At  the  same  time,  discuss  with  senior  business  management  the 
potential  and  limitations  of  this  technology  Help  to  develop  a  more  sys¬ 
tematic  approach  to  target  the  highest  potential  business  opportuni¬ 
ties.  Design  a  migration  plan  for  the  broader  technology  architecture. 
Anticipate  the  networking  implications  of  Web  services.  After  all,  this 


Caught  off-guard  by  Web  services? 


technology  is  built  on  a  service  model  that  assumes  applications  and 
data  can  be  accessed  anywhere.  Yet,  few  companies  have  thought 
through  how  networks  will  need  to  evolve  to  support  Web  services. 
Build  alignment  within  senior  management  around  a  coordinated 
game  plan  to  harness  the  economic  value  of  this  technology 

As  the  plan  comes  together,  work  to  deepen  your  Web  services 
capability.  Chances  are,  your  company  is  still  pretty  thin  in  terms  of 
Web  services  skills.  Find  third  parties  to  help  supplement  your  capa¬ 
bilities  in  the  near  term  and  fill  in  gaps  as  quickly  as  you  can. 

Champion  the  emergence  of  service  grids  to  off-load  a  lot  of  the 
complexity  and  reduce  the  capability  burden  on  your  company 
Service  grids  represent  federations  of  shared  enabling  services  that 
support  the  performance  requirements  of  application  services. They 
can  offer  specialized  services  in  areas  such  as  reliable  messaging, 
performance  monitoring,  security,  data  translation  and  synchroniza¬ 
tion  of  services.  Companies  such  as  Grand  Central  Communications, 
Commerce  One  and  E2open  are  beginning  to  address  this  need. 

Adoption  of  Web  services  is  accelerating.  The  horse  is  out  of  the 
barn.  It  might  not  be  too  late  to  build  a  fence  around  the  pasture,  but 
it  is  time  to  get  out  into  the  field  and  develop  an  action  plan. 


Few  companies 
have  thought 
through  how 
networks  will 
need  to  evolve  to 
support  Web 
services. 


Hagel  is  a  management  consultant  based  in  Silicon  Valley  and 
author  of  a  new  book,  Out  of  the  Box:  Strategies  for  Achieving  Profits 
Today  and  Growth  Tomorrow  through  Web  Services.  He  can  be 
reached  via  his  Web  site  at  www.johnhagel.com. 


OH  SECURITY 

Winn  Schwartau 


heard  a  great  quote  this  morning:  “New 
York  ain’t  what  it  used  to  be.”  Sure,  we  all 
know  that  too  vividly.  But  in  this  case,  the 
quote  refers  to  the  increasing  amount  of  temporal  dispersion  occur¬ 
ring,  in  this  case,  in  lower  Manhattan.  The  nerve-rattling  amount  of 
data-center  concentration  in  the  financial  sector  now  is  finding  itself 
getting  ready  to  be  spread  hither  and  yon. The  same  kinds  of  discus¬ 
sions  are  occurring  in  Washington,  D.C.,  Chicago  and  other  critical 
infrastructure-centric  metropolitan  areas. 

Temporal  dispersion  is  an  attempt  to  balance  a  business’  risk  by 
spreading  critical  hardware  assets  over  a  greater  physical  distance  than 
heretofore  thought  necessary  The  corollary  is  to  spread  our  best  and 
brightest  to  these  different  locations  and  put  them  on  duty  24-7.So  if  the 
IT  hits  the  fan,  some  of  the  experts  will  still  be  around  to  reconstitute 
mission-critical  systems.This  is  a  smart  and  long  overdue  move. 

Consider  what  we  lackadaisically  have  assembled  in  the  last  cou¬ 
ple  of  decades: 

•  Huge  data  centers  in  high-rise  buildings  that  were  built  for 
beauty  and  bragging  rights,  not  physical  security. 

•  Back-up  data  centers  in  the  same  buildings. 

•  Data  centers  on  the  ground  floor  or  beneath  ground  and,  often, 
the  water  line. 

•  Reliance  on  public  communications  lines  for  backup,  redun¬ 
dancy  and  business  continuity. 

•  Secondary  power  sources  designed  to  work  but  are  rarely  tested. 

So  along  comes  temporal  dispersion,  which,  depending  on  to  whom 

you  speak,  yields  a  variety  of  interpretations.  Because  we  don’t  know 
when  or  how  attacks  might  occur,  we  need  to  consider  several  added 
variables  we  might  not  have  a  year  ago.  A  systemic  network  failure 
because  of  an  attack  can  have  farther-reaching  consequences  than 
previously  thought.  We  know  collocation  of  critical  infrastructures  is  a 
recipe  for  disaster,  but  many  companies  do  little  about  it. 

A  physical  attack  is  more  likely  than  in  the  past  and  the  effects  of 
collateral  damage  on  nearby  critical  infrastructure  can  be  just  as 
debilitating.  Large  metropolitan  areas  share  common  utilities,  even 


Becoming  safer  by  spreading  out 


across  spans  of  10, 20  or  50  miles. 

Perhaps  the  scariest  aspect  is  that  we  also  concentrate  our  people, 
our  best  and  brightest,  in  single  locations  at  the  same  time.  Think 
about  your  own  shop:  How  many  of  your  top  technicians  work  the 
day  shift?  What  percentage  of  your  techs  work  second  or  third  shift? 
Are  they  your  best,  or  are  they  the  second  string?  How  many  of  your 
primary  technical  staff  members  work  in  the  same  physical  location? 

In  the  early  post-Cold  War  days,  some  firms  found  it  enticing  to  put 
their  contingency  resources  into  hardened  missile  silos  from  Nebraska 
to  Montana.  Today  talk  is  of  using  the  long-forgotten  “home  bases”  of 
Minuteman  missiles  because  of  their  proximity  to  critical  East  Coast 
assets.  West  Virginia  is  a  popular  alternative  data  center  site,  in  part  be¬ 
cause  of  the  lobbying  efforts  of  Sen.  Robert  Byrd  and  in  part  because 
the  cost  of  living  is  appreciably  lower  than  in  nearby  Washington. 

Moving  techs  and  support  staff  to  lower-cost  areas  or  offering  com¬ 
muting  bonuses  is  one  reasonable  approach  to  temporal  dispersion 
efforts.  But  what  about  management?  Do  they  temporally  disperse, 
too?  Or  is  it  business  as  usual,  with  the  same  daily  concentration  of 
top  brass  in  single  facilities,  convenient  to  them,  their  homes  and 
their  current  lifestyles?  If  the  techs  are  all  there  and  the  management 
is  all  gone,  who  is  going  to  run  the  show?  The  national  security  term 
is  continuity  of  government.  Organizations  should  take  the  same 
view  of  their  own  survival  and  continuity. 

Part  of  the  new  reality  we  are  facing  is  that  high-tech  network 
defense  intrinsically  means  physical  defense  of  fixed  assets,  physical 
dispersion  of  certain  others,  including  contingency,  awareness  of  the 
strengths  and  weaknesses  of  supporting  critical  infrastructures,  and 
the  temporal  dispersion  of  people  to  keep  it  all  working. 

This  might  not  be  what  we  all  signed  up  for.  But  there  are  much  worse 
things  in  life  than  living  in  the  country  working  in  a  hardened  and  safe 
silo  and  cutting  personal  expenses  by  one-third.  Much  worse. 


We  know  colloca¬ 
tion  of  critical 
infrastructures 
is  a  recipe  for 
disaster,  but 
many  companies 
do  little  about  it 


Schwartau  is  president  of  Interpact,  a  security  awareness  consulting 
firm,  and  author  of  several  books,  including  the  recent  Pearl  Harbor 
Dot  Com.  He  can  be  reached  at  winns@gte.net. 


Tripwire  is  The  Data  Integrity  Assurance  Company 


Tripwire®  establishes  a  baseline  of  data  in  its  known 
good  state,  monitors  and  reports  any  changes  to 
that  baseline,  and  enables  rapid  discovery  and 
recovery  when  an  undesired  change  occurs. 

Foundation  for  Data  Security 

■  Ensure  the  integrity  of  your  data 

■  Instant  assessment  of  system  state,  reporting 
“integrity  drifts” 


Your  firewalls  and  intrusion  detection  tools  alone 
are  not  enough  to  keep  systems  trustworthy. 
Tripwire’s  data  integrity  assurance  products  are  the 
only  way  to  know  with  100%  confidence  that  your 
data  remains  uncompromised.  For  nearly  10  years 
Tripwire  has  been  helping  IT  professionals  know 
exactly  what’s  changed  on  their  systems,  and 
helping  them  to  recover  quickly. 


Maximize  System  Uptime 

■  Eliminate  risk  and  uncertainty 

■  Enable  quick  restoration  to  a  desired  state 

Increase  Control  and  Stability 

■  Ongoing  monitoring  and  reporting 

Lower  Costs 

■  Find  and  fix  problems  quickly  and  precisely  - 
no  more  guess  work 


For  a  FREE  30-day  fully-functional 

eval,  call  toll-free:  1.800.TRIPWIRE  (874.7947)  or 
visit  http://networld.tripwire.com  today! 
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Maturity  brings  a  new  face 
to  IPSec  VPN  products 


Progress  brings  lower  prices,  deviation  from  standards,  but  still  no  centralized  management. 


s  the  VPN  market  approaches  maturity  at  a  brisk  pace,  vendors  have  been 
forced  to  rethink  the  traditional  identity  of  their  IP  Security-based  technol¬ 
ogy  for  letting  users  securely  access  enterprise  resources  via  the  Internet. 


By  Joel  Snyder, 
Network  World 
Global  Test 
Alliance 
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During  the  last  18  months,  vendors  have  pushed  VPN  technology  into 
different  devices,  have  lessened  the  distinction  between  VPN  and  firewall 
products,  and  have  demonstrated  a  strong  willingness  to  deviate  from 
standardized  technology  to  meet  corporate  remote  access  requirements 
(see  product  review, page  52). What  remains  lacking,  though, are  features 
that  offer  strong  centralized  VPN  management. 

VPN  technology  now  is  built  into  a  variety  of  products  at  all  prices. 
Linksys’  line  of  EtherFast  firewall/VPN  routers,  which  includes  software 
and  hardware  encryption  models,  ranges  in  price  from  $100  to  $180.  Only 
a  year  ago,  products  with  this  level  of  encryption  acceleration  were  10  to 
50  times  more  expensive. 

Likewise,  at  least  a  dozen  companies  sell  VPN/firewall  devices  that  are 
little  more  than  Intel-based  boxes  running  Linux,  a  freeware  firewall,  IPSec 
and  a  Web  graphical  user  interface. These  appliances  are  low-priced  but 
lack  security  certification  and  offer  little  by  way  of  quality  control. 

At  the  same  time,  the  boundaries  between  firewall  and  VPN  devices 
have  merged,  virtually  eliminating  the  dedicated  VPN  device  category  of 
products.  With  the  demise  over  the  past  two  years  of  Nokia’s  Crypto- 
Cluster,  Cisco’s  5000  series  and  products  from  the  now-defunct  Radguard 
and  Redcreek.the  last  pure  VPN  devices  have  left  the  marketplace. 

One  way  to  evaluate  combined  VPN/firewall  devices,  says  Nokia  engi¬ 
neer  Dan  McDonald,  is  to  recognize  that  some  are  better  firewalls  than 
VPN  servers  and  vice  versa.An  example  of  the  “big  F  firewall,  little  V  VPN” 
devices  is  Secure  Computing’s  Sidewinder,  which  has  a  perfectly  capable 
VPN  stack  inside,  but  lacks  in  the  areas  of  VPN  manageability  and  func¬ 
tionality  such  as  in  creation  and  management  of  large-scale  site-to-site 
VPNs  or  in  policy  creation  and  distribution  in  remote  access  VPNs. 

In  the  “little  F  firewall,  big  V  VPN”  category  is  Avaya’sVSU  series.  Its 
mediocre  packet  filter  is  incidental  to  its  outstanding  VPN  features. 

This  merger  of  firewall  and  VPN  technology  is  good  news  for  corporate 
network  professionals  on  two  fronts.The  first  is  a  greater  opportunity  to 
deploy  VPN  technology  without  having  to  compromise  on  network  de¬ 
sign. The  second  is  enormous  price  pressure  on  all  parts  of  the  market  in 
the  customers’  favor. 

■  Management  is  missing 

Centralized  VPN  management  is  not  a  problem  that  vendors  have 
been  able  to  solve.  Skeptics  charge  that  vendors  don’t  care  to  solve  it 
either,  as  doing  so  could  open  the  door  to  multivendor  VPN  deploy¬ 
ments.  As  Network  World  has  proven  in  lab  tests  (see  www.nwfusion. 
com,  DocFinder:  2829),  building  interoperable  VPNs  is  not  impossible  — 
one  can  make  almost  any  two  IPSec  products  communicate.  But  manag¬ 
ing  all  these  VPN  devices  from  a  single  point  of  view  is  not  possible  at 
this  point  in  time. 

Very  few  manufacturers  have  even  started  to  think  about  what  it  takes  to 
configure  and  maintain  a  VPN  network  with  more  than  a  dozen  of  their 


own  nodes  that  changes  in  topology  more  than  once  a  year.  Cisco  limped 
along  with  its  Cisco  Secure  Fblicy  Manager  for  most  of  this  year  but  has 
recently  introduced  a  management  platform  called  CiscoWorks  VPN/ 
Security  Management  Solution  Version  2,  which  the  company  says  makes 
inroads  into  centralized  management.  Likewise,  Check  Fbint  Software  is 
making  headway  with  its  inclusion  of  management  in  its  Feature  Pack  2  of 
its  NG  firewall  released  in  April.  But  again,  in  both  cases,  the  vendors  have 
addressed  only  management  of  their  own  devices. 

Third-party  management  vendors  have  not  stepped  up  to  the  plate 
either.  Some  carrier-focused  vendors,  such  as  Orchestream,  offer  VPN 
management  tools,  but  no  significant  effort  has  gone  into  giving  corpo¬ 
rate  network  managers  a  tool  to  link  multiple  VPN  products  into  a  sin¬ 
gle  cohesive  network. 

■  Nonstandard  standards 

While  IPSec  is  more  widely  used  than  Secure  Sockets  Layer  (see  story 
page  56)  for  securing  VPN  connections,  the  standards  are  woefully  inade¬ 
quate  for  remote  access. The  political  infighting  within  the  Internet 
Engineering  Task  Force  has  resulted  in  a  stunted  specification  that  doesn’t 
meet  the  needs  of  even  modest  remote  access  deployments  in  the  areas 
of  authentication,  internal  addressing,  and  Network  Address  Translation/ 
Network  Address  and  Fbrt  Translator  traversal.  More  advanced  require¬ 
ments,  including  accounting  and  policy  management,  are  ignored  com¬ 
pletely  in  the  IPSec  standards. 

Even  more  disappointing  is  progress  on  Internet  Key  Exchange  Version 
2,  the  protocol  used  to  set  up  IPSec  security  associations  where  issues 
such  as  authentication  and  address  assignment  are  handled.  While  the 
IETF  working  group  is  arguing  minute  details  such  as  whether  two  or 
three  round  trips  are  necessary  to  set  up  a  security  association,  most  of 
the  remote  access  problems  remain  unaddressed. 

Vendors  have  been  forced  to  build  nonstandard  mechanisms  to  support 
secure  remote  access  in  large  networks.  The  situation  is  exacerbated  as 
the  VPN  market  matures  —  what  were  minor  proprietary  extensions  in  the 
past  are  now  wholesale  departures  from  the  standards  as  written. 

Customers  should  be  aware  that  the  better  the  remote  access  product, 
the  more  likely  they  will  be  tied  to  a  single-vendor  solution.  In  our  accom¬ 
panying  review,  the  best-scoring  products  were  those  that  broke  the  IPSec 
standards  with  the  greatest  abandon  —  and  those  that  have  the  least  in¬ 
teroperability  outside  of  the  vendor-supplied  client. 

One  key  strategy  to  deploying  remote  access  VPN  technology'  is  to  sepa¬ 
rate  it  from  site-tosite  VPN  deployments.  Do  not  tie  the  remote  access  ser¬ 
vices  to  an  existing  firewall  or  VPN  server.  Feel  free  to  jump  ship  to  the 
most  appropriate  technology  and  server  for  your  enterprise. 

Snyder,  a  Network  World  Test  Alliance  partner,  is  a  senior  partner  at  Opus 
One  in  Tucson,  Ariz.  He  can  be  reached  at  Joel.  Snyder@opus  I  .com 


Cisco  and  Check  Point  earn  top  scores  for  enterprise  readiness. 


By  Joe!  Snyder, 
Network  World 
Globai  Test 
Alliance 

PNs  have  been  brought 
road  warriors  and  tele¬ 
commuters  into  the  cor¬ 
porate  network  fold  since 
Microsoft  bundled  Point- 
to-Point  Tunneling  Protocol  into  Win¬ 
dows  95.  But  with  more  sophisticated 
networks  and  VPN  services  more  per¬ 
vasive,  basic  requirements  for  remote 
access  VPN  products  have  changed 
to  keep  up.  A  manual  deployment  to 
a  few  dozen  users  might  be  fine  for  a 
pilot  project,  but  rolling  out  remote 
access  on  a  corporate  scale  demands 
exceptional  products  with  exceptional 
scalability 


We  invited  leading  IPSec-based  VPN  ven¬ 
dors  to  provide  their  best  products  for 
serving  up  enterprise-class  remote  access 
to  thousands  of  users.  We  tested  10  prod¬ 
ucts  from  ActiveLane.Avaya,  Check  Point 
Software  running  on  Nokias  hardware, 
Cisco,  Cylink,  Imperito  Networks,  Net- 
Screen  Technologies,  Secure  Computing, 
SonicWall  and  Symantec.  (For  declining 
vendors,  see  story  page  53.) 

In  our  evaluation,  we  considered  deploy¬ 
ment  and  support  burden,  management 
overhead,  suitability  for  enterprise  net¬ 
works,  flexibility,  reporting  capabilities  and 
client  support  (see  How  we  did  it,  www. 
nwfusion,  DocFinder:  2830).  Rather  than 
focus  on  a  particular  model  of  VPN  server, 
we  encouraged  VPN  vendors  to  show  us 
an  entire  set  of  products  that  address  re¬ 
mote  access  VPNs,  including  concentra¬ 
tors,  management  applications,  and  hard¬ 
ware  and  software  clients  (see  NetResults 
for  full  product  listing,  below). 

Cisco  and  Check  Point  came  in  way 
ahead  of  the  pack  in  our  tests.  While  Cisco 
barely  edged  out  Check  Point  in  the  over¬ 
all  score,  we  handed  both  products  a 


World  Class  award  because  both  compa¬ 
nies  have  clearly  considered  the  issues  of 
enterprise  remote  access  and  built  prod¬ 
ucts  that  are  easy  to  use,  deploy  and  up¬ 
date,  but  are  not  arbitrarily  limiting  in 
terms  of  policy  platform  or  features. 

Honorable  mention,  though,  goes  to  Net- 
Screen  and  Avaya.  While  neither  product 
set  offers  all  the  features  and  flexibility  of 
the  winners,  they’ve  assembled  systems 
that  generally  do  a  good  job  attacking  the 
problem  of  large-scale  remote  access  and 
offer  specific  product  details  that  also 
might  sway  a  decision  in  their  favor. 
Avayas  specialized  support  for  voice-over- 
IP  (VoIP)  applications  is  better  than  any 
other,  while  NetScreen’s  broad  range  of 
hardware  lets  you  precisely  fit  resources  to 
requirements. 

■  Deployment 

VPN  clients  have  two  pieces:  the  client 
software  and  the  abstract  policy  that 
defines  how  communications  are  en¬ 
crypted.  Deployment  means  getting  the 
software  and  policy  information  to  end 
users  and  keeping  both  updated  as  the 


network  configuration  and  topology 
changes. 

Client  software  installation  was  generally 
easy  across  products.The  notable  excep¬ 
tion  is  ActiveLane,  which  is  designed  to 
work  with  built-in  Windows  VPN  clients  — 
both  PPTP  and  IP  Security  (IPSec)/Layer 
2  Tunneling  Protocol  (L2TP).Not  having 
to  do  anything  at  all  because  the  software 
is  already  there  makes  for  a  pretty  easy 
installation. 

On  the  policy  side, some  vendors, such 
as  Secure  Computing  and  Cylink,  keep  a 
policy  file  (often  called  a  policy  blob)  sit¬ 
ting  on  each  client. This  is  problematic 
because  if  you  change  your  network  con¬ 
figuration  or  the  IPSec  tunnel, you’ll  need 
to  push  the  policy  blob  out  to  each 
client.  In  an  enterprise  environment 
where  not  everyone  has  the  same  VPN 
policy,  the  problem  is  exacerbated  be¬ 
cause  you  must  ensure  each  client  has 
the  appropriate  blob. 

A  better  enterprise  solution  is  to  use  a 
policy  server  that  works  with  the  client  to 
keep  the  policy  up  to  date.The  client 
connection  will  take  a  little  longer,  as  pol- 


Net  Results 
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Chick  Point  Point 


ActiveLane  V300Q  VPN 
Server  Appliance 


Company:  ActiveLane, 
(800)  276-0578,  www. 
activelane.com  Pros: 
Works  with  built-in 
Windows  2000/XP  client; 
integrates  with  Active 
Directory  very  cleanly; 
excellent  alerting 
Facilities;  good  reporting 
and  real-time  status. 
Cons:  No  real  firewall 
beyond  packet  filters; 
ard>  are  client  inflexible. 


VSU  lOOOConcentrator, 
VSU  5X  Hardware  Client 
VPNremote  Client 


Company:  Avaya,  (908) 
953-3348,  www.avaya.com 
Pros:  Automatic  policy 
update  for  multiple 
groups;  excellent 
RADIUS  support;  easy 
management  system 
installation;  simple 
hardware  client.  Cons: 
Hardware  client 
management  not  yet 
available. 


FireWall-1  NG  on  Nokia 
IP350,  Nokia  IP30  Internet 
security  appliance, 
SecureClient 


Company:  Check  Point 
Software,  (800)  429-4391, 
www.checkpoint.com 
Pros:  Automatic  policy 
update  for  multiple  groups; 
excellent  multigateway 
support;  excellent  client- 
side  firewall;  easy  to  fire¬ 
wall  VPN;  strong  multi¬ 
platform  support.  Cons: 
Single  gateway  per  man¬ 
agement  domain;  difficult 
to  manage  packet  filters. 


Cisco  VPN  3000  Series 
Concentrator,  Cisco  VPN 
3002  hardware  client, 
Cisco  VPN  Client 


Company:  Cisco,  (800) 
553-6387,  www.cisco.com 
Pros:  Automatic  policy 
update  for  multiple 
groups;  good  client-side 
firewall;  good  real-time 
status;  multiplatform 
support.  Cons:  No 
support  for  internal 
addressing;  no  RADIUS 
support;  poor  certificate 
support;  no  real  firewall. 


NetHawk  VPN  gateway  and 
clients,  Privacy  Manager 
for  NetHawk 


Company:  Cylink,  (800) 
533-3958,  www.cylink.com 
Pros:  Easy  management 
installation.  Cons:  No 
support  for  RADIUS  or 
certificates;  no  support 
for  multiple  user  groups. 


SafeSecure  Access  Policy 
Manager,  Integrated 
SafeSecure  Access 
Gateway,  SafeSecure 
Access  Client 


Company:  Imperito 
Networks,  (866)  467-3748, 
www.imperito.com  Pros: 
Very  simple  installation 
and  management;  easy 
client  and  policy  update. 
Cons:  Full  management 
system  difficult  to  install. 
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icy  versions  are  checked,  but,  in  return, 
end  users  never  have  to  wonder  if  they’ve 
got  the  right  version  of  the  policy 

Avaya,  Check  Point,  Cisco,  Imperito,  Net- 
Screen  and  Symantec  all  handle  this 
cleanly  and  elegantly  through  the  use  of 
policy  servers,  but  only  Avaya,  Check 
Point,  Cisco  and  NetScreen  let  you  main¬ 
tain  multiple  user  policies.  With  Imperito, 
all  users  who  connect  to  a  VPN  gateway 
get  the  same  policy.  Symantec  supports 
per-user  policies,  but  only  for  users  who 
are  entered  individually  into  its  internal 
authentication  database,  eliminating  the 
possibility  of  using  external  authentica¬ 
tion  servers  for  multiple  user  policies, 
which  makes  the  feature  useless  in  any 
sizable  deployment. 

Clients  also  are  subject  to  updates,  up¬ 
grades  and  patches.  Check  Point,  Cisco, 
Imperito  and,  to  some  extent,  NetScreen 
deal  with  this  problem  in  the  context  of 
the  VPN  policy  you  define.The  slickest  is 
Imperito’s  SafeSecure  Access, which  not 
only  manages  the  update  but  also  keeps 
track  of  what  Imperito  client  version 
each  user  has  on  his  machine. 

Check  Point  has  a  generic  software 
download  and  maintenance  system 
built  into  its  client,  not  just  for  the  VPN 
software,  but  for  anything  you  want  to 
upgrade  on  remote  users’  systems. 

For  network  managers  who  don’t 
want  to  learn  all  the  nuances  of  Check 
Point  remote  client  managements  sim¬ 
plified  version  can  keep  the  VPN  client 
up  to  date. 

The  same  question  of  deployment 
comes  up  in  hardware  VPN  clients.  Hard¬ 


ware  VPN  clients  are  little  boxes  with 
dual  Ethernet  ports  that  sit  in  front  of  one 
or  more  client  machines  and  off-load  the 
VPN  connection,  eliminating  the  need  to 
load  software  or  policy  on  the  end  sys¬ 
tem.  Because  hardware  clients  are  gener¬ 
ally  unattended  and  unmanaged,  getting 
policy  updates  to  them  is  a  particular 
problem. 

While  Avaya,  Check  Point,  Cisco,  Net- 
Screen  and  SonicWall  ship  hardware 
clients,  Cisco  and  Avaya  offer  the  cleanest 
hardware  client  management. 

With  Cisco’s  hardware  client,  you  tell  it 
the  IP  address  of  the  policy  server,  a  user- 
name  and  password  pair  with  which  to 
authenticate,  and  that’s  it.  Systems  behind 
the  hardware  client  are  encrypted  auto¬ 
matically  when  they  attempt  to  connect 
to  systems  the  VPN  protects.The  hard¬ 
ware  client  downloads  the  policy  as 
needed.  In  Avaya’s  model,  each  user  who 
passes  through  the  hardware  client  needs 
to  be  authenticated  individually  to  the 
policy  server  via  a  Web  page. 

NetScreen  and  SonicWall  treat  their 
low-end  VPN  systems  as  hardware  clients. 
These  hardware  clients  must  be  config¬ 
ured  using  a  model  different  from  simple 
remote  access. The  issue  is  that  these 
hardware  clients  are  managed  using 
push  techniques,  rather  than  pushing  pol¬ 
icy  from  a  central  server.  Push  doesn’t 
scale  well  or  work  well  even  in  small 
installations  if  the  hardware  clients  have 
dynamic  IP  addresses  behind  a  Network 
Address  and  Port  Translator  (NAPT)  box, 
which  is  typical  in  many  cable  modem 
and  DSL  remote  deployments. 


Another  aspect  of  managing  remote 
access  clients  is  getting  some  kind  of  con¬ 
trol  over  the  affiliated  pieces  that  have 
snuck  into  the  products,  specifically 
client-side  firewalls.  In  Check  Point’s 
model,  the  optional  client-side  firewall  is 
configured  using  an  interface  very  simi¬ 
lar  to  that  used  for  dictating  enterprise 
firewall  rules.  A  miniature  version  of  its 
firewall  packet  inspection  engine  is  in¬ 
stalled  on  the  client,  and  the  VPN  and 
firewall  configurations  are  packaged 
together  as  a  single  policy  blob, which  the 
central  policy  manager  automatically 
updates  and  controls. 

Security  managers  get  intense  and  pre¬ 
cise  control  on  what  the  client  can  do 
when  it’s  part  of  the  VPN. 

Cisco  and  NetScreen  also  do  a  good 
job  managing  client-side  firewalls.  Cisco’s 
interface  is  not  as  elegant  as  Check 
Point’s,  but  it  lets  you  set  primitive  packet 
filters  programmed  into  the  client  fire¬ 
wall  and  set  up  some  ties  with  other  cen¬ 
trally  managed  products  from  Zone  Labs 
and  Internet  Security  System. 

Cisco  and  NetScreen  also  offer  a  pos¬ 
ture  assessment  feature  that  lets  you 
block  VPN  connections  if  the  firewall  is 
not  currently  active. 

Most  of  the  other  vendors  package  a 
personal  firewall  with  their  VPN  client 
(ActiveLane,  Avaya  and  Cylink  are  excep¬ 
tions),  but  there’s  no  support  for  central 
policy  management  and  updating  inte¬ 
grated  with  VPN  management. 

■  Suited  for  enterprise  use? 

The  IPSec  standards  are  virtually  mum 


I 

on  the  topic  of  remote  access.  To  com 
pensate  for  this,  most  VPN  vendors  have 
extended  the  standards  in  several  ways 
While  departing  from  the  standard  is  us 
ally  a  bad  idea,  there  really  is  no  way  to 
build  a  good  IPSec  remote  access  VPN 
without  taking  liberties. This  reduces  in¬ 
teroperability  of  course,  and  ties  you  to  a 
single  vendor.  It  also  reduces  your  choice 
of  VPN  client  platforms.  Although  there 
are  IPSec  clients  for  virtually  every  plat¬ 
form,  without  the  vendor-specific  propri¬ 
etary  extension,  a  deployment  of  more 
than  a  handful  of  clients  would  be 
unmanageable. 

One  area  where  remote  access  and 
IPSec  collide  directly  is  in  NAT  and  NAPT 
support.  NAT  and  NAPT  are  techniques 
that  ISPs  use,  especially  in  broadband  en¬ 
vironments,  to  deal  with  the  shortage  of 
IP  addresses  by  having  multiple  users 
share  a  single  IP  address  or  set  of  IP  ad¬ 
dresses  as  their  packets  move  toward  the 
Internet. “NAT  is  the  kind  of  attack  that 
IPSec  was  designed  to  detect”  is  security 
designer  Dan  Harkins’  famous  quote. 
Nevertheless,  NAPT  and  some  kind  of 
dynamic  addressing,  such  as  Dynamic 
Host  Configuration  Protocol  (DHCP) 
client  or  Point-to-Point  Protocol  over 
Ethernet,  are  realities  in  virtually  all  broad¬ 
band  network  deployments.  A  solution 
that  doesn’t  support  NAPT  simply  won’t 
work,  and  this  is  one  reason  to  avoid 
ActiveLane’s  and  Secure  Computing’s  re¬ 
mote  access  VPN  products.  (ActiveLane 
actually  does  support  NAPT  when  using 
PPTPa  less-secure  alternative,  but  we  con¬ 
sidered  this  unacceptable  from  a  security 


^Symantec 


NetScreen  50,  NetScreen- 
Global  Pro  Express 
management  system, 
NetScreen  5XP  hardware 
client  NetScreen-Remote 
security  client 

Company:  NetScreen 
Technologies,  (408)  730- 
6000,  www.netscreen.com 
Pros:  Automatic  policy 
update  for  multiple 
groups;  multigateway 
support;  good  client-side 
firewall;  easy  to  firewall 
VPN.  Cons:  NAT/NAPT 
support  poor;  element- 
level  management. 


Sidewinder;  Safeword 
PremierAccess, 
SoftRemote  VPN  client 

Company:  Secure 
Computing,  (800)  379-4944, 
www.securecomputing 
.com  Pros:Token  enroll¬ 
ment  integration  elegant; 
easy  to  firewall  VPN; 
excellent  auditing.  Cons: 
No  support  for  internal 
addressing;  client  policy 
management  very  weak. 


SonicWall  Pro  300 
concentrator,  SonicWall 
Global  Management 
System,  Tele3  hardware 
client;  SonicWall  VPN  Client 
8.0 

Company:  SonicWall, 
(888)  547-6642,  www. 
sonicwall.com  Pros: 
Above-average  reporting 
tool;  easy  to  firewall  VPN. 
Cons:  No  support  for 
internal  addressing;  client 
policy  management  very 
weak. 


Symantec  Enterprise 
Firewall  with  VPN 

Company:  Symantec, 
(800)  441-7234,  www. 
symantec.com  Pros: 
Easy  to  firewall  VPN; 
many  authentication  links; 
excellent  auditing.  Cons: 
No  hardware  acceleration 
support  limits  total 
performance;  NAT  for 
internal  addressing 
dangerous. 


Who  didn't  come  out  to  play 

Although  we  had  a  very  strong  turnout  for  this 
test,  some  major  vendors  in  the  remote  access 
VPN  market  are  not  included  for  various  reasons. 

Nortel,  which  many  consider  a  leader  in  this  mar¬ 
ket  with  its  Contivity  product  line,  couldn't  provide 
resources  to  support  a  review  of  its  VPN  product. 

Enterasys  Networks,  which  purchased  remote 
access  VPN  vendor  Indus  River  in  2000,  was 
between  major  revisions  of  its  product  and  couldn’t 
get  us  software  and  hardware  in  time  to  partici¬ 
pate.  Similarly,  Alcatel,  which  purchased Timestep 
in  1999,  was  poised  to  release  a  major  update  to 
the  Timestep  Permit  product  line,  but  was  not  ready 
in  time  for  this  review.  Both  companies  started 
shipping  those  products  recently. 

WatchGuard  Technologies  submitted  hardware  to 
be  reviewed,  but  neglected  to  send  all  the  compo¬ 
nents  needed  for  a  remote  access  deployment. 
Although  WatchGuard  made  heroic  efforts  to  gel 
software  and  hardware  to  us  when  the  error  was 
discovered,  we  couldn’t  complete  the  review  of  its 
product  in  time  for  inclusion  in  this  review. 

—  Joe!  Snyder 
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The  bottom  line  on  per-user  pricing 

We  asked  participating  vendors  to  put  together  three  configurations 
for  us  to  compare  the  actual  price  per  user  for  their  products.  The 
100-user  price  includes  a  VPN  concentrator  suitable  for  up  to  1,000 
simultaneous  users  but  licensed  for  only  100  users.  The  1,000-user 
configuration  has  the  same  hardware  and  software,  and  client 
licenses  sufficient  for  1,000  simultaneous  users.  The  10,000-user 
configuration  is  VPN  concentrator  hardware  and  software,  and 
licenses  sufficient  to  support  10,000  simultaneous  users.  For  vendors 
that  supplied  only  software,  we  included  the  cost  of  appropriate 
server  hardware  in  the  price  to  reflect  more  realistic  costs. 


Price  per  user  in  dollars) 

$0  $50  $100 

ActiveLane  I  $7.00 
$7.00 


$150 


$200 


$250 


$300 


$69.95 


AvaVa  $4.10 
$5.99 


10,000  users 
1,000  users 
1 100  users 


$59.99 


Check  Point+ 
Nokia 


$40.00 
$52.30 


$162.95 


Cisco  $7.50 

$22.00 


$3.75 

$7.50 

$75. 

tn 

$42.70 


$89.95 


NetScreen 

$17.98 


Secure 
Computing  & 
Safeword 
Token  Authen¬ 
tication* 


Secure  $32.54 

Computing 


SonicWall 


$169.85 


$95.54 


$147.08 


$309.75 


$1.50 


Symantec  $io.OO 

8  $28.00 


$99.95 


•Secure  Computing  appears 
twice, once  as  a  software-only 
solution  and  a  second  time 
including  its  SafeWord  token- 
authentication  system. 


model  point  of  view.) 

Internal  addressing  is  another  nonstan¬ 
dard  extension  for  remote  access.  Net¬ 
work  managers  find  it  very  convenient  to 
control  the  IP  addresses  from  which 
clients  appear  to  come  when  they  appear 
on  a  corporate  network. This  helps  with 
internal  routing  in  more  complex  net¬ 
works,  because  it  is  important  that  packets 
that  came  in  via  the  VPN  also  go  out  by 
the  same  path.  In  addition,  internal  fire¬ 
walls  can  identify  which  users  are  VPN 
users  by  their  addresses,  which  can  sim¬ 
plify  access  controls  and  security  policy 
enforcement. 

Cylink  and  SonicWall  don’t  support  inter¬ 
nal  addressing  at  all.  NetScreen  and  Active- 
Lane  support  internal  addressing,  but  only 
if  you  run  L2TP  as  a  tunneling  protocol. 
The  simplest  case  is  to  simply  give  a  pool 
of  addresses  to  the  VPN  concentrator  and 
let  it  hand  them  out.  Solutions  that  support 
basic  internal  addressing  generally  let  you 
do  this. 

But  Check  Point,  Cisco  and  Secure  Com¬ 
puting  let  you  control  the  address  assign¬ 
ment  based  on  user  groups.  Cisco  and 
Imperito  also  will  go  to  a  DHCP  server  to 
get  an  address. 

Internal  addressing  is  one  of  those  fea¬ 
tures  for  corporate  VPNs  that  can  be  a 
showstopper.  If  the  details  of  how  inter¬ 
nal  addressing  is  implemented  are  not 
compatible  with  the  VPN  deployment 
architecture,  everything  might  fall  apart. 
This  is  why  it  is  critical  to  design  a  VPN 
before  selecting  a  product  and  then 
understand  exactly  how  these  subtle 
details  are  to  be  implemented.  Symantec 
implements  internal  addressing  by  doing 
the  address  translation  of  the  VPN  clients 
on  the  central  site  side.  It’s  a  clever  solu¬ 
tion  that  avoids  non-standard  IPSec,  but  if 
you  have  an  application  to  run  over  your 
VPN  that  is  difficult  to  translate  properly 
(such  as  VoIP  via  H.323)  or  that  isn’t  sup¬ 
ported  in  the  Symantec  NAT  code,  then 
you’ve  got  a  serious  problem. 

■  Authentication 

One  of  the  most  difficult  parts  of  a  re¬ 
mote  access  VPN  deployment  is  authenti¬ 
cation,  because  the  IPSec  standards  ad¬ 
mit  only  one  type:  public-key  infrastruc¬ 
ture  (PKI)-based  digital  certificates. Very 
few  companies  have  rolled  out  PKI  for 
user  authentication,  which  means  that 
the  only  way  to  build  a  workable  remote 
access  VPN  based  on  IPSec  is  to  go 
around  the  standards. 

NetScreen  has  developed  a  remote  ac¬ 
cess  VPN  authentication  process  that 
wraps  a  proprietary  protocol  around 
IPSec. You  authenticate  to  a  policy  server 
first,  using  NetScreen’s  client  that  gives 
you  a  copy  of  the  current  policy.  From 
then  on, you  use  standard  IPSec  func¬ 
tions  to  authenticate. 

In  our  testing,  we  assumed  that  any 
company  would  authenticate  using  one 
of  two  approaches.  The  first  uses  an  exist¬ 
ing  authentication  system  that  can  be 
connected  to  the  corporation  using  Re¬ 
mote  Authentication  Dial-In  User  Service 
(RADIUS),  perhaps  linking  to  tokens  or 
even  an  older  username/password  data¬ 
base,  such  as  the  Windows  authentication 
database. The  other  is  PKl-based  digital 


certificates  designed  for  multiple  applica¬ 
tions  and  stored  on  Smart  Cards.  We  test¬ 
ed  both  approaches. 

The  RADIUS  test  gave  us  the  least  trou¬ 
ble,  with  two  exceptions.  Neither  Imperito 
nor  Cylink  support  RADIUS-based  authen¬ 
tication.  Imperito  requires  that  you  main¬ 
tain  a  separate  user  database  for  the  VPN. 
As  a  former  managed  service  offering, 
Imperito  got  the  deployment  and  policy 
updating  piece  down  almost  perfectly  but 
completely  stumbled  when  it  came  to 
user  authentication. 

Not  everyone  insists  you  use  RADIUS 
for  legacy  authentication.  Symantec  will 
talk  to  a  Lightweight  Directory  Access 
Protocol  directory,  to  a  Windows  NT  do¬ 
main,  and  directly  to  Cryptocard,  SecurlD. 
S/Key  and  Defender  servers  for  your 
choice  of  token-based  authentication. 

ActiveLane  supports  RADIUS,  but  not 
with  any  panache. The  ActiveLane  server 
is  essentially  Windows  2000  Routing  and 
Remote  Access  Service  with  some  per¬ 
centage  of  the  many  Windows  user  inter¬ 
faces  replaced  by  a  Web  graphical  user 
interface  (GUI)  and  a  database  in  the 
back  end  for  management  and  reporting. 
Sometimes  the  interface  is  very  elegant; 
in  other  cases, you  get  dumped  directly 
into  a  Microsoft  Management  Console 
interface,  which  is  the  underlying  control 
structure  Microsoft  provides.  RADIUS  is 
one  of  those  edge  cases  where  Active- 
Lane’s  configuration  tools  don’t  help. 
However,  to  use  RADIUS  with  ActiveLane 
is  to  miss  the  point:The  idea  with  this 
server  is  to  authenticate  to  Windows, 
preferably  via  Active  Directory. That’s  why 
you’d  buy  this  product  —  because  it  has 
the  best  integration  with  Windows  of  any 
of  the  VPN  solutions. 

One  of  the  few  vendors  to  integrate 
VPN  services  and  the  enrollment  process 
of  assigning  a  token  to  each  user  into  a 
single  solution  is  Secure  Computing.  If 
you  haven’t  rolled  out  two-factor  authen¬ 
tication  and  want  to  just  for  your  VPN, 
Secure  Computing’s  product  will  save 
you  a  pile  of  time. The  company  inte¬ 
grates  the  sign-up  process  for  your  two- 
factor  token  with  a  Web  server  and  vastly 
simplifies  the  difficult  process  of  handing 
out  and  registering  the  tokens.  If  you 
don’t  like  the  VPN  server,  you  still  can  use 
the  enrollment  tool  kit  with  any  other 
VPN  products  we  tested. 

Testing  certificates  was  a  headache  be¬ 
cause  VPN  software  vendors  are  in  a  diffi¬ 
cult  position  with  certificates, so  making 
products  that  sort  it  all  out  is  difficult. 
Microsoft  built  a  beautiful  infrastructure 
for  managing  certificates  and  related  tech¬ 
nologies  (such  as  Smart  Cards)  into  Win 
2000  (and  XP).  If  you  use  its  Cryptographic 
API  (CAPI).then  you  automatically  sup¬ 
port  almost  every  card  reader  and  certifi¬ 
cate  format  on  earth.  However,  the  certifi¬ 
cate  part  of  CAPI  isn’t  available  in  Win¬ 
dows  98  or  NT.To  properly  support  certifi¬ 
cates,  you  need  two  implementations  of 
your  product:  a  CAPI-compliant  one  for 
Win  2000  and  above,  and  a  custom-writ- 
ten  internal  one  for  all  other  versions. 

Our  testing  was  based  on  Entrusts  PKI 
certificate  authority.  We  enrolled  our 
users  and  gave  them  certificates, stored 
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The  new  IBM  (©server  BladeCenter.™  Now  you  can  remotely  deploy  new  servers  in 
minutes  rather  than  hours  or  days.1  Inside  the  new  BladeCenter,  individual  blade  servers 
can  be  hot-swapped  in  and  out  of  a  single  chassis.2  And  because  BladeCenter 
uses  Intel®  Xeon™  processor-based  blades,  you  get  flexibility  without  sacrificing  the 
performance  you  need  for  your  data  center.  The  result  is  an  incredibly  dynamic  systems 
environment,  one  that  lets  you  easily  manage  and  integrate  your  storage,  network  and 
applications.  You  can  scale  out  to  add  capacity,  reconfigure  on  the  fly  and  create  an 
infrastructure  with  no  single  point  of  failure.  To  get  an  interactive  demo  on  BladeCenter,  or 
for  special  financing  information,  visit  ibm.com/eserver/bladecenter  or  call  1 800  426-7777 
and  mention  priority  code  102AX004. 
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along  with  their  private  keys,  on  Schlum- 
berger  Smart  Cards. 

Check  Point  wasn’t  fancy  —  it  supported 
CAPI  —  but  it  worked  just  fine. Without 
CAP1  support,  Imperito.SonicWall  and 
Cylink  were  nonstarters  in  the  certificate 
front.  Cisco,  in  theory,  supports  certificates, 
but  our  certificate  authority  had  a  key 
longer  than  the  2,048-bit  maximum  Cisco 
supports, so  we  couldn’t  test  it. 

ActiveLane’s  certificate  support  relies 
heavily  on  Active  Directory  integration 
with  the  Entrust  certificate  authority. 
Trying  to  just  use  certificates  without  inte¬ 
grating  into  Active  Directory  exceeded 
our  patience  because  there  is  no  reason 
for  Microsoft  and  ActiveLane  to  make  it 
so  difficult. 

Avaya  and  NetScreen  support  certifi¬ 
cates,  but  with  a  catch. You  need  a  user- 
name  and  password  to  log  on  to  the  pol¬ 
icy  manager  and  get  your  policy  So  if  you 
choose  to  authenticate  with  certificates,  it 
works  as  long  as  you  enter  your  username 
and  password  first.  NetScreen  works 
around  that  problem  pretty  well  by  sug¬ 
gesting  a  group  username/password. This 
is  used,  essentially  to  tell  the  policy  server 


which  group  you  want  to  join.  Once  you 
get  your  policy  then  it’s  your  certificate 
that  authenticates  you  to  the  VPN.  Because 
there  is  no  authentication  information  in 
the  policy  it’s  not  a  particularly  bad  thing  if 
the  group  username/password  gets  out, 
because  all  it  lets  you  do  is  download  the 
list  of  protected  networks  and  security 
gateways.  Still,  given  that  you  have  a  certifi¬ 
cate,  having  to  log  on  at  all  with  user¬ 
name/password  seems  like  you’re  missing 
the  benefits  of  certificates. 

■  Reporting 

Keeping  track  of  what  your  VPN  is  being 
used  for  seems  to  be  something  that  most 
vendors  regard  as  optional,  but  we  don’t. 
Only  ActiveLane,  Cisco  and  Imperito  offer 
basic  accounting  information  on  the  VPN. 
The  others  kept  us  in  the  dark  about  who 
was  consuming  resources.  For  all  the  talk 
about  the  need  for  tools  such  as  firewalls 
to  control  network  access,  the  amount  of 
reporting  to  come  out  of  those  same  tools 
was  often  weak. 

Auditing,  which  is  a  little  more  com¬ 
mon  in  the  security  world,  was  better 
supported.  All  the  vendors  had  some  way 
of  getting  at  least  basic  information,  such 
as  logons,  to  a  log  server. The  kings  of 
auditing  were  Symantec  and  Secure  Com¬ 


puting,  which  would  not  only  log  the  VPN 
session  itself,  but  also  any  application  con¬ 
nections  made  through  the  VPN  tunnel. 

We  also  looked  at  VPN  tunnel  control 
and  firewall  issues.  We  wanted  to  know 
how  much  control  you  have  over  a  partic¬ 
ular  VPN  tunnel  once  you  let  it  into  your 
network.Can  you  enforce  stateful  packet 
inspection  within  a  tunnel,  only  giving  ac¬ 
cess  to  specific  resources?  Because  IPSec’s 
control  mechanisms  are  fairly  coarse,  we 
wanted  to  see  what  additional  options  for 
tightening  access  to  resources  were  avail- 
able.The  boxes  that  are  primarily  firewalls 
—  Check  Point,  NetScreen,  Secure  Com¬ 
puting,  SonicWall  and  Symantec  —  all 
have  a  pretty  strong  ability  to  control  what 
happens,  even  after  the  tunnel  gets  into 
the  network.  Systems  that  are  primarily 
VPN  concentrators  —  ActiveLane,  Avaya, 
Cisco,  Cylink  and  Imperito  —  have  little  or 
no  additional  control. 

■  Operations  and  network 
management 

A  simple  question  network  managers 
want  answered  is:  Who  is  logged  onto 
the  VPN?  Depending  on  the  answer,  the 
next  step  could  be  to  log  off  that  person. 
We  were  amazed  at  how  many  of  the 
products  tested  couldn’t  handle  these 


simple  tasks.  Hats  off  to  Cisco  and  Active¬ 
Lane,  both  of  which  let  us  see  who  was 
logged  on,  and  log  them  off.  Imperito 
had  a  similar  feature,  but  you  couldn’t 
see  just  the  logged-on  users;  you  had  to 
dump  the  entire  user  database  to  see 
which  users  were  logged  on  or  not.That 
wouldn’t  be  too  useful  if  you  had  more 
than  100  users.  Avaya  let  us  see  who  was 
on,  but  wouldn’t  let  us  do  anything 
about  it. 

Check  Point  has  a  problem  on  this  front. 
We  evaluated  Firewall-1  NG  FP3  as  it  was 
coming  out  of  beta  testing  and  found  a 
number  of  stability  problems  with  the 
management  interface.  Sometimes  we 
could  not  push  changes  down  to  the  fire¬ 
walls,  and  other  times  the  monitoring  and 
alerting  part  of  Check  Point’s  GUI  would 
report  that  the  firewall  was  down  even 
when  it  was  working  fine.  As  far  as  we 
could  tell,  all  these  bugs  are  in  the  man¬ 
agement  side  of  the  house.  We  didn’t  have 
any  problems  making  VPN  tunnels  or  leak¬ 
ing  packets  through  the  firewall.  However, 
Check  Point’s  tool  for  looking  at  remote 
access  VPN  users  wouldn’t  even  start  up 
for  us, so  we  couldn’t  test  it. 

Cylink,  NetScreen,  Secure  Computing 
and  Symantec  gave  little  or  no  useful 
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IPSec  VPN  alternatives 

‘‘Clientless  VPN"  technology  is  catching  on  as  the 
term  that  describes  products  that  serve  as  an  alter¬ 
native  to  traditional  IP  Security-based  VPNs. 

These  products  come  into  play  when  an  IPSec- 
based  VPN  has  too  much  overhead,  has  too  many 
r .  proprietary  extensions,  is  too  expensive  or  is  too  lim¬ 
iting  to  solve  the  problem  at  hand.  Case  in  point:  An 
extranet-type  VPN,  with  hundreds  or  thousands  of 
companies  participating,  would  be  almost  impossible 
to  manage  using  off-the-shelf  IPSec  technology. 

Several  vendors,  including  Aventail,  Neoteris, 
Netilla,  SafeWeb  andTrueDisk,  have  introduced 
Secure  Sockets  Layer  (SSL)-based  VPN  security 
gateways,  while  Check  Point  Software  and  Nortel 
have  added  SSL-based  VPN  service  to  their  overall 
V,'.  VPN  products. 


The  key  to  SSL-based  VPNs  is  a  client  application 
available  on  everyone’s  computer:  the  Web  browser. 
An  end  user  launches  a  Web  browser  and  then  con¬ 
nects,  using  HTTP-over-SSL,  to  the  SSL  security 
gateway.  After  the  SSL  gateway  authenticates  the 
user,  it  proxies  the  connection  —  typically  using 
HTTP  —  to  a  Web  server  inside. 

One  common  application  example  is  Web-based 
e-mail,  such  as  Outlook  Web  Access  (OWA),  the  Web 
front  end  to  Microsoft's  popular  Exchange  mail  sys¬ 
tem.  By  dropping  an  SSL-based  VPN  server  in  front 
of  an  OWA  Web  server,  a  network  manager  can  add 
encryption,  authentication  and  control  without  putting 
the  additional  load  of  SSL  encryption  directly  on  the 
OWA  server. 

In  this  context,  SSL-based  VPNs  not  only  encrypt 
the  traffic  passing  over  the  Internet,  but  also  keep 
the  unwashed  masses  from  having  direct  contact 


with  an  Internet  Information  Server. 

Some  vendors  have  taken  the  idea  of  SSL-based 
VPNs  even  further  by  including  protocol  translators 
in  their  products. These  gateway  between  the  client- 
side  HTTP-over-SSL  and  different  protocols  on  the 
inside.  This  lets  you  browse  your  file  system  over  the 
SSL  VPN,  for  example. 

The  security  model  used  in  SSL-based  VPNs  is 
weaker  than  the  one  used  in  IPSec.  There  are  more 
opportunities  for  outside  attack,  the  cryptographic 
model  is  not  as  robust,  and  the  authentication  is  not 
as  strong. 

Additionally,  there  are  many  applications  that  don't 
work  over  SSL-based  VPNs.  But  for  many  applica¬ 
tions,  an  SSL-based  VPN  can  provide  sufficient 
security  with  almost  none  of  the  headaches  of  a  full 
IPSec-based  remote  access  product 

—  Joel  Snyder 
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products  and  services ,  Toyota  turned  to  Akamai 

to  instantly  extend  the  scale ,  performance  and 

reach  of  its  infrastructure  at  a  fraction  of 

the  cost  associated  with  traditional  build-out. " 

— Barbra  Cooper 
Group  Vice  President  and  CIO 
Toyota  Motor  Sales,  U.S.A.,  Inc. 
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When  Toyota  launched  a  series  of  online  marketing  initiatives  to  promote  new  vehicles,  consumer 
traffic  to  its  sites  began  to  multiply.  To  meet  the  needs  of  its  growing  audiences  without  over-provisioning 
its  network,  Toyota  turned  to  Akamai.  Our  distributed  content  delivery  approach  helps  Toyota  maintain 
top  site  performance.  By  extending  its  infrastructure  to  the  edge — closer  to  customers — Toyota  gains 
efficient,  reliable  delivery  of  highly  interactive  information,  such  as  sales  and  marketing  campaigns, 
while  maintaining  control  and  significantly  reducing  infrastructure  costs. 
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information  about  current  users  logged 
on  to  the  remote  access  VPN. 

Good  support  for  other  network  integra¬ 
tion  and  management  functions,  such  as 
per-user  or  per-group  bandwidth  manage¬ 
ment  and  integration  of  routing  protocols, 
was  sporadic. 


Cisco  had  a  nice  selection  of  routing 
protocols,  routing  options  and  bandwidth- 
management  tools  built  into  its  product. 
When  a  site-to-site  VPN  tunnel  or  remote 
access  user  came  up,  Cisco  could  inject  a 
route  into  the  network  to  let  the  rest  of  the 
world  know  that  this  site  or  user  had 
become  available. 

No  other  vendor  offered  the  same  level 
of  integration  for  both  routing  and  band- 
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Radware's  security  application  switch  provides  high  availability 
and  optimization  for  firewalls,  VPNs  and  IDS  devices. 


Prevent  DoS  attacks  while  maintaining  high  throughput  on 
your  network  and  thwart  more  than  450  attack  signatures 
with  Radware's  Application  Security  module  and  DoS  Shield. 


Protect  your  network's  critical  security  resources  with 
FireProof,  ensuring  that  firewalls,  VPNs  and  IDS  devices  are 
always  available,  optimized  and  secure. 


Choose  FireProof  for  intelligent  security  traffic  management. 
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width  management.  NetScreen  offered 
bandwidth  management  of  the  VPN,  but 
no  routing  (that  is  slated  for  its  next 
major  release). 

ActiveLane  offers  routing  and  band¬ 
width  management,  but  neither  is  inte¬ 
grated  into  the  VPN. The  same  is  true  of 
Check  Point  —  with  its  optional  product 
Floodgate,  you  get  some  bandwidth  man¬ 
agement,  but  that’s  not  part  of  the  VPN 
picture.  And  while  the  Nokia  platform 
on  which  we  tested  Check  Point  had  a 
range  of  routing  functions  built  in,  none 
talked  directly  to  the  VPN  part  of  the 
network.  Avaya  showed  up  with  a 
Routing  Information  Protocol  imple¬ 
mentation,  certainly  not  the  routing  pro¬ 
tocol  of  choice  for  enterprise  networks. 

■  Making  the  choice 

Picking  a  remote  access  VPN  product 
isn’t  hard  once  you’ve  taken  the  time  to 
define  your  requirements. 

You  need  to  nail  down  big  issues  such 
as  authentication  and  user  policy  manage¬ 
ment  or  you  won’t  be  able  to  narrow  the 
field  of  potential  vendors. 

From  there,  a  slew  of  less-important 
options  have  to  be  identified:  Do  you 
need  internal  addressing?  A  hardware 
client?  Macintosh  support?  Client-side  fire¬ 
wall?  High  availability?  Multiple  gateways? 
Firewall  within  the  tunnel?  Advanced  En¬ 
cryption  Standard  support?  NAT  support? 
All  these  are  small  in  themselves,  but  can 
turn  into  problems  if  the  answer  doesn’t 
match  your  requirements. 

A  proper  evaluation  requires  that  you 
start  with  what  you  want  first  and  only 
then  match  products  and  features  to  iden¬ 
tify  a  short  list  of  finalists.  Although  Cisco 
and  Check  Fbint  performed  well  in  our 
bottom-line  assessment,  each  has  limita¬ 
tions  that  might  be  deal-breakers  when  it 
comes  to  your  own  corporate-sized  VPN. 

Snyder  is  a  senior  partner  at  Opus  One  in 
Tuscon,  Ariz.  He  can  be  reached  at  joel. 
snyder@opus  1 .  com. 


Global  Test  Alliano 


■  Snyder  is  a  member  of  the  Network 
World  Global  Test  Alliance,  a  cooperative  of 
the  premier  reviewers  in  the  network  in¬ 
dustry,  each  bringing  to  bear  years  of 
practical  experience  on  every  review,  for 
more  Test  Alliance  information,  including 
what  it  takes  to  become  a  member,  go  to 
www.nwfusion.com/alliance. 

Other  members:  Mandy  Andress,  ArcSec; 
John  Bass,  Centennial  Networking  Labs.  North 
Carolina  State  University:  Travis  Berkley, 
University  of  Kansas;  Bob  Cumer.  Duke 
University:  Jeffrey  Fritz,  West  Virginia 
University;  James  Gaskin,  Gaskin  Computing 
Services;  Greg  Goddard.  University  of  Florida; 
Thomas  Henderson,  ExtremeLabs;  Miercom. 
Network  consultancy  and  product  test  center; 
David  Newman.  NetworkTest;  Christine  Perey, 
Perey  Research  &  Consulting;  Barry  Nance, 
independent  consultant.  Thomas  Powei,  PINT. 


in  a  world  of  “security  solutions”  ? 


SSH  Secure  Shell.  Essential. 

Poor  Packet.  It's  easy  to  get  lost  in  a  quagmire  of  complex  security  offerings.  Sometimes,  you  just  want  something  simple  —  that  works.  Like  SSH 
Secure  Shell.  We  invented  it.  It's  the  worldwide  de  facto  standard  —  essential  for  secure  remote  access,  with  millions  of  users  worldwide.  SSH 
offers  Secure  Shell  in  a  robust,  fully-supported  commercial  grade  release  that's  perfect  for  any  enterprise.  Once  launched,  it  provides  transparent, 
strong  authentication  —  encrypting  passwords  and  securing  communications  over  any  IP-based  connection. 

So  to  find  your  way  home,  come  visit  us  at  www.ssh.com. 


Tel  (650)  251  2700  •  Fax  (650)  251  2701  •  1076  East  Meadow  Circle,  Palo  Alto,  CA  94303  •  ipsec-salesCJSsrv  .nr 


*  2002  SSH  Communications  Security  Corp.  All  rights  reserved.  ssh;  is  a  registered  trademark  of  SSH 
Security  Corp  in  the  United  States  and  in  certain  other  jurisdictions.  SSH2,  the  SSH  logo,  IPSEC  Express,  SSH  Ce 
QuickSec,  SSH  Sentinel,  Making  the  Internet  Secure  and  Packet  the  Dog  are  trademarks  of  SSH  Communications 
Corp  and  my  be  registered  in  certain  jurisdictions.  All  other  names  and  marks  are  property  of  their  respective  owr 


Ready 
To  Take 
The  SAN 
Plunge? 

Storage  area  networks  are  making  a  pretty  big  splash 
these  days.  You’ve  heard  that  they  are  cost-effective, 
they  can  help  you  consolidate  storage  and  that  they 
improve  the  backup/restore  process. 

But  now  that  you’re  ready  to  take  the  SAN  plunge,  the 
waters  look  a  bit  muddy:  Howr  much  downtime  are 
you  facing?  Will  you  have  to  “rip  and  replace”  existing 
devices?  Which  technologies  and  components  will 
work  best  in  your  environment?  What  about  interoper¬ 
ability?  Scalability?  Performance? 

Building  a  storage  network  with  limited  time  and 
resources  can  be  an  overwhelming  task-  unless  you 
have  SANavigator"'  software. 


Look  Before  You  Leap 

SANavigator  lets  you  experiment  with  different 
possible  SAN  configurations,  rearranging  hardware 
and  adding  new  components  before  you  purchase 
them.  Industry  best  practice  rules  guide  you  as  you 
build  your  storage  network.  These  valuable  planning 
tools  save  you  time  and  money  and  can  help  you 
develop  a  SAN  that’s  ideal  for  your  business.  What’s 
more,  you  can  monitor,  manage  and  automate  your 
new  SAN  with  SANavigator. 

Before  you  dive  headlong  into  your  SAN 
project,  let  SANavigator  help  you  test  the 
waters. 

Go  to  www.sanavigator.com/seeit/plunge 
for  free  evaluation  software. 


SANavigator 

1-877-426-6639 
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JUSTIFICATION 


Seeking  security  skills 

Demand  remains  strong  for  IT  pros  who  know  how  to  safeguard  systems. 


■  BY  CAROLYN  DUFFY  MARSAN 

EBay  has  been  looking  to  add  a  security  engineer  to  its  10-person 
information  security  team  since  May  Despite  receiving  more  than 
100  inquiries  about  the  job,  the  leading  Web  auction  site  has  yet 
to  find  a  person  who  has  the  right  combination  of  experience 
with  firewalls,  authentication,  operating  system  security  and  net¬ 
work  security 


“The  hiring  manager  has  high  stan¬ 
dards,”  says  Connie  Bustillo.a  recruiter  for 
eBay.  “Overall,  we’re  not  finding  enough 
people  that  have  the  security  experience 
we  need.” 

EBay  is  not  alone.  Across  the  country,  IT 
shops  that  want  to  beef  up  network  secur¬ 
ity  are  having  a  hard  time  finding  network 
engineers  with  security  expertise. 

The  demand  for  network  security  spe¬ 
cialists  is  strong  despite  the  sluggish 
economy  and  widespread  cutbacks  in 
corporate  IT  spending. 

CIOs  anticipate  a  slowdown  in  the  hiring 
of  IT  professionals  during  the  fourth  quar¬ 
ter  of  2002,  according  to  a  recent  poll  of 
1,400  CIOs  conducted  by  staffing  firm 
Robert  Half  Technology. 

However,  these  CIOs  are 
moving  ahead  with  net¬ 
work  security  projects  and 
related  hiring. 

“I’ve  had  the  opportunity 
to  meet  with  many,  many 
CIOs  and  ask  them 
what’s  on  their  to-do 
lists  regardless  of  the 
economy”  says 
Katherine  Spencer 
Lee,  executive  direc¬ 
tor  of  Robert  Half 
Technology  “Eight  out 
of  10  say  security.  Net¬ 
work  security,  data  securi¬ 
ty,  viruses  —  it’s  every¬ 
thing  to  do  with  security’ 

Lee  says  network  engi¬ 
neers  who  have  ex¬ 
perience  with  security 
products  from  Cisco, 

WatchGuard  Technolo¬ 
gies,  CheckFbint  Software 
and  Internet  Security 


Systems  are  in  the  most  demand. 

Dice.com,  which  provides  online  recruit¬ 
ing  services  for  technology  professionals, 
says  security  skills  are  being  requested  in 
more  of  the  network  jobs  posted  on  its  Web 
site.  Dice.com  listed  6,800  network-oriented 
job  openings  at  the  end  of  August. 

“Some  knowledge  of  security  is  almost 
becoming  a  requirement  for  all  the  net¬ 
work  jobs,”  says  Jason  Medic,  director  of 
marketing  at  Dice.  “We  do  see  some  jobs 
coming  in  as  security  specialists,  but  the 
lion’s  share  of  what  we  see  are  for  core  net¬ 
work  designers  and  architects  with  hands- 
on  security  experience.” 

Having  a  security  certification  or  two 
makes  candidates  for  these  jobs  more 
attractive,  experts  say  But  IT  managers  pre¬ 
fer  experience  to  certifications. 

“Certifications  alone  will  not  work,”  Lee 


Security  salaries 


says.  “You  have  to  have  real-world  experi¬ 
ence  and  the  right  attitude.” 

Lee  advises  network  professionals  inter¬ 
ested  in  security  jobs  to  brush  up  on  their 
business  savvy  along  with  their  firewall 
and  VPN  skills. 

“Individuals  who  are  going  to  be  success¬ 
ful  in  a  security  center  are  not  just  those 
with  strong  technical  backgrounds  but 
those  that  truly  take  the  time  to  get  to  know 
the  business,”  she  says. 

Network  security  specialists  also  must 
understand  the  role  that  physical  secur¬ 
ity  and  human  resources  play  in  keeping 
IT  systems  safe,  says  Dave  Leighton,  CEO 
of  Risk  Analysis  Group,  a  security  con¬ 
sulting  firm. 

“Companies  in  the  past  segmented  their 
security  They  had  IT  security  separate  from 
physical  security  and  they  counted  on  HR 
for  watching  people,”  Leighton  says.  “Now 
we’re  seeing  companies  looking  at  security 
strategically’ 

Leighton  says  most  security  break¬ 
downs  occur  in  operations  rather  than  in 
network  security 

“Companies  will  spend  hundreds  of  thou¬ 
sands  of  dollars  on  IT  security  to  protect 
themselves  against  hackers,  but  they  have 
no  operational  plan  for  what  to  do  if  an  em¬ 
ployee  leaves,”  he  says. 

The  industries  that  are  most  active  in  hir- 


Overail  compensation  for  IT  security  professionals  has  risen  since 
last  year.  More  dollars  are  being  lumped  in  with  base  salaries  as 
bonuses  are  shrinking. 


Average  annual  security  base  pay 


Ql’01 

■  Director,  security 
■I  Manager,  security 

■  Web  security  manager 

SOURCE  FOOTE  PARTNERS 
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Average  annual  security  bonus 

$30,000 
$25,000 
$20,000 
$15,000 
$10,000 
$5,000 
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Data  warehousing/Business  intelligence  security  manager 
Senior  security  analyst 
Systems  administrator 


Security 

Subscribe  to  our  free  newsletter. 
DocFinder:  5434  www.nwfusion.com 


ing  network  security  specialists  are  chemi¬ 
cals,  energy  healthcare,  financial  services, 
business  services  and  government, 
observers  say 

“Security  budgets  are  one  of  the  few 
areas  of  the  economy  where  companies 
are  still  spending,”  says  David  Foote,  pre¬ 
sident  and  chief  research  officer  at  Foote 
Partners,  an  IT  workforce  research  firm. 
“The  really  smart  IT  people  are  going  into 
healthcare,  insurance  and  investment 
banking  to  get  experience  with  privacy 
and  security’ 

One  plus  for  network  professionals  with 
security  experience  is  higher  salaries. 
Total  compensation  for  corporate  secur¬ 
ity  positions  is  up  3.9%  from  the  first  quar¬ 
ter  of  2001  to  the  second  quarter  of  2002, 
according  to  a  recent  Foote  Partners  sur¬ 
vey  on  IT  security  compensation.  This 
compares  with  a  decline  of  9.4%  in  com¬ 
pensation  for  100  IT  positions  tracked  in 
the  survey. 

“Security  pay  is  outperforming  IT  pay  for 
the  second  year  in  a  row”  Foote  says,  add¬ 
ing  that  this  holds  true  for  salaries  and 
bonuses. 

Four  out  of  six  security  positions  now  pay 
$100,000  or  more  in  average  total  compen¬ 
sation,  the  Foote  survey  found. 

To  get  a  really  good  person  for  a  director- 
level  job,  you  have  to  pay  $124,600  salary 
and  a  bonus  of  $29,300,”  Foote  says.  “The 
director-level  job  is  clearly  where  compa¬ 
nies  have  to  put  the  biggest  carrot.” 

Foote  says  director-level  IT  security  jobs 
are  taking  as  long  as  12  months  to  fill  be¬ 
cause  it’s  hard  to  find  a  network  executive 
with  a  strategic  view  of  security,  an  under¬ 
standing  of  regulatory  requirements,  and 
strong  management  and  communica¬ 
tions  skills. 

“Security  has  never  been  managed 
well,”  Foote  says.“Security  people  are  con¬ 
sidered  hard  to  work  with  because  they 
slow  down  progress _ They’re  very  tena¬ 

cious  problem  solvers  and  have  extraor¬ 
dinary  attention  to  detail,  but  they  ques¬ 
tion  everything."  ■ 


Finally  -  the  missing  piece! 


Today's  ever-growing  data  centers  make  it  harder 
than  ever  to  get  hands-on  control  of  all  your  servers 
and  network  devices.  Now  you  can  have  direct 
access  to  every  device  in  your  data  center  from  any 
location,  all  from  a  single  screen.  Manage  and  maintain 
servers  in  your  local  rack  or  across  the  world. 


Total  system  control  over  analog  or  IP  connection 
means  complete  ‘at  the  computer’  troubleshooting 
from  anywhere. 

Now  it’s  all  falling  into  place.  Avocent's  advanced 
analog  and  digital  KVM  solutions  -  the  perfect  fit 
for  the  server  room  and  enterprise. 


For  the  complete  picture,  download  a  free  KVM  Tech  Guide  today  at 
www.kvmguide.com  or  call  1  -866-AVOCENT  (286-2368),  ext.  3006. 


Avocent,  the  Avocent  logo,  “The  Power  of  Being  There",  “KVM  over  IP",  DSR,  DSView,  DS1800,  and  CPS  are  trademarks  of 
A  .  i  ent  Corporation  All  other  marks  are  the  property  of  their  respective  owners.  Copynght  ©  2002  Avocent  Corporation. 


Avocent 

The  Power  of  Being  There^. 
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READY 


Request  for  your  FREE  CAS  booklet  at  www.cydc 


www.cyclades.com/nw 

1  -888-CYCLADES  1-888-292-5233 
510-770-9727 
sales@cyclades.com 
Fremont,  CA 


The  Cydades-TS  Series  of  Console  Access  Servers  provides  the  highest  port  density  and  security 
at  a  very  competitive  price.  By  using  Linux  as  the  embedded  OS,  it  offers  the  flexibility 
required  to  manage  our  dynamic  environment.  The  Cydades-TS  is  a  key  element  to  help 
us  keep  our  servers  up  and  running."  -  Pete  Kirm/er,  Manager  of  Site  Operations,  Yahoo!  Inc. 


Cydades-TS  Series 

Console  Access  Server 

1/4/8/16/32/48  RS-232  poi|s  oil 
First  Linux-based  Termi|awffli 
IP  Filtering,  RADIUS,  and 


©2002  Cyclades  Corporation.  All  rights  reserved.  All  other  trademarks  and  product  images  are  property  of  thier  respective  owners.  Product  information  subject  to  change  without  notice. 


mote  Console  Management  Solutions 


Access  Serial  Console  Ports...  from  Anywhere! 


y 


OUT-OF-BAND  +  TELNET 


■  Multi-Session  Telnet 

■  8, 16  or  32  Port  Models 

■  Non-Connect  Port  Buffering 

■  AC  and  -48VDC  Power  Options 


OUT-OF-BAND  +  MODEM 


■  Internal  33.6  Kbps  Modem 

■  Seven  DB-9  Serial  Ports 

■  Any-to-Any  Port  Switching 

■  Co-Location  Password  Features 


OUT-OF-BAND 


■  4,  8  or  16  Port  Models 

■  Port  Specific  Passwords 

■  Safe  “Break”  Features 

■  Datarate/Flow  Control  Conversion 


WTI's  family  of  remote  site  management  products  allows  network  administrators  to  manage  network  elements  located  anywhere.  WTI  designs  and  manufactures  in- 
band  and  out-of-band  console  and  terminal  switches,  remote  reboot  and  power  management  solutions,  rack  mounted  modems  and  automated  A/B  Fallback  Switches. J 

fUUl 

~i  ■  Features  included  in  all  Console  Switches 

FlD  WWW.Wti.COm  18001  854*7226 

western  telematic  incorporated  w 

5  Sterling  •  Irvine  •  California  9  2  6  1  8  -  2  5  1  7  ** 

eeping  the  Net.. .Working! 

Paul  L.  Greene 

Director  of  Information  Security 

NeuStar,  Inc. 
www.neustar.biz 


NeuStar  operates  the  registry  of  all 
North  American  telephone  numbers 
the  database  that  North  American 
carriers  use  to  route  billions  of 
telephone  calls  daily  and  runs  both 
the  .us  and  .biz  registries. 


I  V euStar's  unique  service  and  position  in  the  telecommunications  industry  make  it  a  target  of  attacks 
We  need  rock  solid'  security  and  a  vendor  who  understands  what  that  means  CyberGuard  was  the  first 
in  the  world  to  achieve  EAL4  certification  for  its  firewall  appliances:  that  really  impressed  us. 

“We  knew  they  would  be  capable  of  providing  the  level  of  sophisticated  security  suppod  we  needed  and 
we  have  not  been  disappointed:  their  technical  support  team  knows  security  and  CyberGuard  s  ability  to 
deliver  on  everything  they  promised  enabled  us  to  meet  our  tight  deadline  for  deliverables  Today  we  have 
CyberGuard  s  firewall  appliances  in  three  countries. 

“I  have  an  experienced  team,  but  on  more  than  one  occasion  I  had  to  enlist  the  help  of  a  junior  engineer 
to  install  the  firewall.  I  was  able  to  talk  them  through  the  process  over  the  phone  I'm  happy  to  report  that 
those  systems  have  been  functioning  in  a  production  environment  for  over  one  year  without  a  hitch  And 
CyberGuard  rocks  the  competition  in  the  performance  impact  category. " 


CyberGuard  s  security  solutions  are  found  in  Fortune  1000  companies  and  governments  worldwide  CyberGuard’s 
award-winning  premium  firewall/VPN  appliances  maintain  complete  separation  of  network  traffic  from  system 
components 


“Phone:  954.958.3878 

e-mail:  info@cyberguard.com 

For  white  papers  on  Rock  Solid  Security  go  to 

rpcksolid  cyberguard.com 

'Copyi'ijiil  2002  CypfcrGuara  Corporation  AN  rights  reserved 


DEFEND  YOUR  DOMAIN 


Introducing  APC's  New  NetworkAIR™  RM  Air  Distribution  Unit 


Benefits  of  APC's  Air  Distribution  Unit: 


As  heat  densities  continue  to  grow  at  an  alarming  rate,  the  traditional 
methods  of  distributing  air  in  a  computer  room  aren't  adequate  to  deliver 
the  necessary  airflow  required  to  cool  today's  data  center  environments. 


APC  presents  the  NetworkAIR  RM  Air  Distribution  Unit,  a  compact 
2U  rack-mounted  fan  unit  that  works  with  an  existing  precision  air 
conditioning  system  to  deliver  cool  air  to  the  equipment  contained  in 
a  rack  enclosure.  An  air  curtain  is  evenly  distributed  to  the  front  of  the 
enclosure  which  provides  consistent  temperatures  from  top  to  bottom. 


Visit  www.apc.com  to  see  APC's  complete  line  of  award-winning  power 
and  cooling  solutions. 


•  Increases  airflow  to  rack  equipment 

•  Works  in  both  raised  floor  and  non-raised  floor  environments 

•  Compact  2U  design 


•  Minimizes  air  mixing 


•  Helps  maintain  optimal  environment  for  high  reliability 


•  Improves  air  quality  through  30%  efficient  air  filtration 

(as  per  the  ASHRAE  52.1-1992  standard) 


EIA-310-D  enclosures  with  removable  bottom  plates 


•  Evenly  distributes  cool  air,  improving  air  circulation 
inside  the  rack 

•  Ensures  maximum  uptime  with  redundant,  dual,  independ¬ 
ently  controlled  blower  fans  and  A-B  power  input  feeds 

•  Fits  APC's  NetShelter®  VX  enclosure  or  other  19" 


The  compact  (2U)  Air 
Distribution  Unit  installs 
at  the  bottom  of  the  enclosure  and  sup¬ 
plies  an  air  curtain  to  the  intakes  of  equip¬ 
ment  located  within  the  enclosure,  evenly 
distributing  cool  conditioned  air  throughout. 


j« 


Legendary  Reliability 


Enter  to  WIN  a  FREE  NetworkAIR™  RM  Air  Distribution  Unit 

Visit  APC's  Web  site  at:  http://promO.  ape.  com  Enter  Key  Code  g480y  Call  888-289-APCC  x6479  Fax  401-788-2797 

©2002  American  Power  Conversion  Corporation.  All  Trademarks  are  the  property  of  their  owners.  NA2A2BF-USa 
E-mail:  esupport@apcc.com  •  132  Fairgrounds  Road,  West  Kingston,  Rl  02892  USA 
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The  Hub  of  the  Hetwork  Buy 
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New  kid  on  the  block? 
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The  GB-1000  Firewall/VPN  appliance  is  powered 
by  the  GNAT  Box  System  software  -  the  original, 
small  footprint,  high  performance  firewall  system  first 
introduced  in  1996.  The  GB-1000  is  deployed 
worldwide  by  organizations  that  desire  rock-solid 
operation  and  the  best  price/performance  ratio  on  the 
market  today. 

The  GB-1000  has  many  standard  features  including 
IPSec  VPN,  DNS  server,  failover  routing  and  DHCP 
services.  Optional  features  such  as  high  availability  and 
24x7  support  are  also  available. 


,es,  lnc 


Firewall  Appliance 


Years:  10 

GTA  has  10  years  experience  in  developing  quality  software.  Since  1994,  GTA  has  been 
producing  solid,  dependable,  ICSA  certified  firewalls,  with  a  powerful  feature  set  at  an 
affordable  price. 

NICs:  4+ 

The  GB-1000  standard  configuration  includes  4  built-in  10/100  NICs.  Expansion 
options  allow  the  addition  of  up  to  4  more  NICs,  including  Gigabit.  Each  NIC  is  fully 
addressable,  allowing  flexible  configuration. 

Users:  00 

The  GB-1000  has  an  unlimited  user  license  and  supports  128,000  concurrent 
connections.  Our  powerful  dynamic  network  address  translation  technology  and 
stateful  packet  inspection  engine  provide  all  users  with  transparent  Internet  access  and 
proven  network  security. 


Visit  our  web  site,  email  or  call  for 
more  information. 


r  Global  Technology  Associates,  Inc 

1-800-775-4GTA  •  www.gta.com  •  info@gta.com 


CERTIFIED 


There  Is  A  Better  Way  To  Troubleshoot  &  Manage  Your  Network 
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Observer 


$995 


Expert 

Observer 

s2895 


Observer 
Suite 
* 3995 


Observer® — Quickly  identifies  network 
trouble  spots  and  costs  thousands  less  than 
expensive  hardware-based  analyzers. 
Observer  provides  metrics,  capture,  and 
trending  for  both  shared  and  switched 
environments. 

•  Full  packet  capture  and  decode  for  over 
500  protocols,  including  TCP/IP  (v4  &  v6), 
NetBIOS/NetBEUI,  XolP,  SNA,  SQL,  IPX/SPX, 
Appletalk  and  many,  many  more! 

•  Switched  mode  sees  all  ports  on  a  switch 
gathering  statistics  from  an  entire  switch  or 
capture/statistics  from  any  port(s) 

•  Long-term  network  trending  collects 
statistical  data  for  days,  weeks,  months, 
even  years 

•  Real-time  statistics  include  Top  Talkers, 
Bandwidth,  Protocol  Statistics,  and 
Efficiency  History 

•  Ethernet  (10/100/Gigabit),  Token  Ring, 
FDDI,  and  Wireless  802. 1 1 — no  need  to 
purchase  separate  tools 


•  Windows ®  98/Me/NT/2000/XP  compatible 

•  Over  4,000  frame  types  recognized 

Expert  Observer — Identifies  problems  and 
provides  Expert  information  in  plain  English. 

Includes  all  of  the  features  of  Observer  plus 
real-time  and  post-capture  expert  event 
identification  and  analysis — new  SQL  and 
Frame  Relay  experts  add  to  the  many  other 
protocols  covered,  time  synchronization 
technology,  and  modeling  of  network  traffic. 

Observer  Suite — The  ultimate  tool  for 
the  most  demanding  power  user. 

Provides  a  full  complement  of  tools  that 
includes  all  of  the  features  of  Expert 
Observer  plus  SNMP  management,  RMON 
console/Probe  and  Web  reporting.  Includes 
one  remote  Probe. 

If  you  have  any  network  problems,  find 
out  the  cause  with  Observer,  Expert 
Observer,  or  Observer  Suite. 


Call  800-526-7919  or  visit  us  online  for  a  full-featured  evaluation: 

www.NETWORKINSTRUMENTS.com 

US  (952)  932-9899  •  Fax  (952)  932-9545  •  UK  &  Europe  +44  (0)  1959  569880  •  Fax  +44  (0)  1959  569881 


NETWORK 

INSTRUMENTS 


©2002  Network  Instruments,  LLC.  Observer,  “Network  Instruments”  and  the  “N  with  a  dot”  logo  are  registered  trademarks  of  Network  Instruments,  LLC. 
All  other  trademarks  are  property  of  their  respective  owners. 


You  could  be  relaxing 
on  a  bed  of  Roses 

v  -  .  _ 


Join  the  ranks  of  many  successful  companies  using  UltraLink,  call  Rose 
to  learn  more  about  KVM  Access  over  IP  as  well  as  KVM  Switches  and 
Extenders. 


as* 


UltraLink 


■  Connects  to  standalone  computers  or  any  KVM  switch 

■  High  quality  16-bit  video  at  up  to  1280x1024  resolution 

■  Easy  to  install,  give  it  an  IP  address  and  run  the  Viewer 
program,  no  user  license  required 

■  Encrypted  communication  produces  highly  secure  operation 

■  Scaling  and  scrolling  features  for  maximum  flexibility 

■  Single  mouse  cursor  simplifies  user  interface 

■  See  four  servers  from  one  screen  with  quad  screen  mode 

■  Lifetime  free  flash  upgrades 


Rose  Electronics 
10707  Stancliff  Road 
Houston,  TX  77099 


USA  toll  free 
ROSE  US 
ROSE  Europe 
ROSE  Asia 


800  333  9343 
281  933  7673 
+44  (0)  1264  850574 
+617  3427  5353 


WWW.ROSE.COM 


UltraLink  sets  a  new  standard  in  remote  management  of  server  room 
environments.  It  saves  you  money  by  allowing  you  to  centralize  your  IT 
resources.  Since  it  does  not  depend  upon  software  loaded  on  your 
computers,  it  deploys  easily  and  works  on  any  operating  system,  such 
as  Windows,  Linux,  Solaris,  Unix,  or  OSX. 


The  UltraLink  digitizes  the  remote  computer's  video.  It  then  scales, 
compresses,  encrypts,  and  packetizes  it  into  the  TCP/IP  protocol.  At 
your  PC  the  free  Viewer  application  receives  and  displays  the  video  and 
sends  back  keyboard  and  mouse  data.  This  process  allow  you  to  access 
remote  computers  from  anywhere. 


Rose  is  a  leading  manufacturer  of  switching,  extension,  and  access 
products.  As  a  KVM  industry  pioneer,  Rose  is  known  for  its  technically 
superior  and  price  competitive  products. 


ELECTRONICS 


AppDancer  /  FA 

-*■  Network  Flow  Analyzer 

•  An  Easy-To-Use  Network  Viewing  Tool 

•  Email  •  Database  •  VoIP  •  Web 

•  Identifies  Problems  Causing  Slow  Downs 

•  Monitors  Applications,  Network  Devices, 
and  Network  Traffic 

•  Affordable 


WINNER1 


Free  Download! 

lww.AppDancer.com 


BEST  OF  INTEROP 

NETW^RLD+INTEROP 


O 

CMP 


IRFOSMIIOIIWEEI  EE  TIMES 


Call  Toll  Free 
800.82S.7S63 


AppDancer  Networks,  Inc. 

1 000  Holcomb  Woods  Parkway 
Suite  426 

Roswell,  CA  30076-2585  USA 

email  info@AppDancer.com 

telephone  770.643.6800  USA 
web  www.AppDancer.com 


Ph:  (800)555-7176 


($ Cables 


Qomplete  Fiber  Optic 

Jumper  Cable  Solutions 

Qowest  Price  Guaranteed* 
Qast  Turn  Around 

Same  Day  Shipping  -  Standard  items 
As  fast  as  48  hrs  -  Custom  Cables  ** 

Qustom  Configurations 

Any  Way  you  want ... 

SC,  ST,  LC,  MU.  and  MTRJ 
Multimode  and  Singlemode 
Duplex  and  Simplex 

Quality  Assured 

Each  Jumper  individually  tested 
Test  results  included 

0  year  Warranty 

Be  Confident  with  our  Jumpers 

Q 5.00  Off  Online  Orders 

With  Coupon  NW72202 

Offer  good  on  Web  orders  only.  Offer  expires  11/30/02. 


*  See  Web  site  for  details 

**  Lead  times  may  vary  depending  on  product  and  quantity 


www.gocables.com 


'  •  .,-u 


Securely  squash  junk  email,  viruses  and  pornography  without  the 
headache  of  integrating  new  software  or  hardware  into  your  current 
messaging  environment. 


Remove  the  frustration  of  constant  updates.  Get  control  over  email 
policy  configuration  and  enforcement. 


Find  out  about  a  free  trial  with  zero  risk  and  zero  integration  by  visiting 
us  at  www.mxlogic.com/nw  or  calling  877-MXLOGIC. 


CD  Logic 


Managed  Email  Firewall  Services 


www.mxlogic.com 

■ 


Self-Paced  Computer  Training 


"This  is  the  way  to  learn l" 

•  Media-Rich  Content 


•  Challenging  Labs 

•  Comprehensive  Tests 

•  Practical  tr  Proven 


Security+  Certification  $265* 


reg.  $355 


Introductory  Offer!  Limited  Time! 


1 5  Year  Anniversary  Savings! 

tfiltlll 

,%jS:  Sfi® 

Network + 

4  Sessions 

$  265 

reg.  S  355 

i-Net+ 

5  Sessions 

$  315 

reg.  $  425 

Windows  XP  Professional 

6  Sessions 

$  370 

reg.  $  495 

Windows  2000  Network  Security  Design 

3  Sessions 

$  195 

reg.  S  265 

Cisco*  MCNS 

6  Sessions 

$  710 

reg.  $  945 

NETWORK  •  ONLINE  •  CD-ROM  •  VIDEO 


Microtoft’  •  C  o  m  p  T  I  A  '  •  Novell*  •  Cisco-  •  Lotei*  •  Adobe*  •  Linus  •  CIW* 

1.800.865.0165  *  AvailableONLYatlearnkey.com/networld  IMlLeamKey 

©  2002  learnKey,  Inc.  IK082602  Source  Code  #4048 

'Limited  time  offer,  some  restrictions.  Prices  listed  are  for  Single-Users.  Please  call  for  Multi-User  pricing  and  Corporate  solutions. 


Seeking  Solutions  ...NTI  Has  The  Answers! 

MULTI-USER 
SERVER 
CONTROL 
IS  EASY! 

Control  from  two  computers 
to  hundreds  of  servers  - 

NTI  has  the  innovative  KVM 
solution  for  you. 


“I  want  flexible  control 
without  spending 
a  fortune!” 


ST-4X16-U 


UNIVERSAL 
MATRIX  SWITCH 


FREE  CATALOG! 

t  CAU  800-742-8324 


I  Users  individually  command  or 
simultaneously  share  up  to  512 
computers. 

I  Available  with  2,  4,  or  8  user  ports. 

I  Dedicated  internal 
microprocessors  that  emulate  the 
keyboard  and  mouse 
presence  to  each  attached 
computer  so  all  computers  boot 
error-free  100%  of  the  time. 

I  Crisp  and  clear  1900x1200 
resolution. 

I  Compatible  w/all  PCs,  SUNs  & 
MACs. 

km® 

I 

1275  Danner  Drive  •  Aurora,  OH  44202 
330-562-7070  •  FAX:  330-562-1999 


k  mm  KVM  SOLUTIONS 


BUY  ONLINE  at  www.ntil.com/sn 
Email:  sales@nti1.com 


With  broadband  connection 
everywhere,  why  not  take  your 
videoconferencing  with  you? 


For  more  information  about  ViGO,  call  1-800-418-5328. 


VCON  www.vcon.com 

VISUAL  COMMUNICATIONS 


Buy  •  Sell  •  Lease  •  Repair  •  New  •  Refurbished  •  Used 

www.wdpi.com  •  877.231.2451  •  cisco@wdpi.com 

121  Cheshire  Lane,  Minnetonka,  MN  55305  U.S.A. 


Cisco 


Routers 


Switches 

Hubs 

Voice  Over  IP 

Memory 

Security 

Interface  Modules 
Port  Adapters 
Wireless 


RLD 

PRODUCTS 


World  Data  Products  introduces  its  new  Cisco 
Router  and  Switch  poster.  It  provides  at-a-glance 
information  on  model  capacities,  interface  cards 
and  available  features. 

The  Cisco  Poster  is  a 
valuable  tool  for 
network  planning. 

Call  877.231.2451  or 
visit  www.wdpi.com 
to  request  your 
FREE  Cisco  Router 
and  Switch  poster. 


Cisco  Router 
and  Switch  Poster 
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using  Zero  U 

of  rack  space? 


9  Sentry  POWER  TOWER  :  Your  Zeno  U  Reboot  Solution 


16  remotely  addressable  power  outlets  — 
The  highest  density  available  of  any 
Remote  Power  Management  vertical  strip. 
30-amp  power  Input  feed  distributed 
across  16  outlets. 

Mounts  verticafly  in  your  equipment  rack  or 
cabinet  and  requires  Zero  U  of  rack  space. 
Load  Sense  provides  real-time  current 
monitoring  in  the  remote  screen  Interface 
and  through  a  built-in  LEO  display  for  on¬ 
site  measurement 

Power-up  sequencing  of  alt  16  outlets 
prevents  an  In-rush  current  overtoad. 
Talnet,  SNMP,  Modem  or  RS-232  Interfaces  for  easy, 
practical  and  secure  power  management  of  remote 
Internetworking  equipment. 


3U 


Install  the  new  Sentry  Power  Tower  in 
your  data  center,  NOC  or  co-lo  facility 
and  gain  the  advantage  of  remotely 
rebooting  up  to  16  of  your  equipment 
units  -  without  occupying  any  space  in 
your  rack  or  enclosed  cabinet 

Try  the  New  Sentry  Power  Tower  !n  your 
rack  or  cabinet  and  realize  the  benefits 
of  Intelligent  Power  Distribution  and 
*-  Remote  Power  Management 


See  our  complete  product  line  at  wwwservertech.com 
or  call  800835.1515  or  775^84.2000 


-  ' 

Another  great  product  from 

Server  Technology,  Inc 


INSTANTLY  SEARCH  GIGABYTES  OF  TEXT 


dtSearch 


The  Smart  Choice  for 
Text  Retrieval®  since  1991 


"Superb  ...  a  multitude  of  high-end  features"  —  PC  Magazine 

"A  powerful  text  mining  engine  ...  effective  because  of 
the  level  of  intelligence  it  displays"  —  PC  Al 

"Very  powerful  ...  a  staggering  number  of  ways 
to  search"  —  Windows  Magazine 

"Impressive"  —  PC  Magazine  Online 

"A  tremendously  powerful  and  capable 
text  search  engine" —  Visual  Developer 

"Intuitive  and  austere  ...  a 
superb  search  tool"  —  PC  World 


Fast,  precision  searching 

♦  over  two  dozen  text  search 
options 

♦  indexed,  unindexed,  fielded 
and  full-text  searching 

Organization-wide  reach 

♦  highlights  hits  in  HTML  and  PDF 
while  keeping  embedded  links 
and  images  intact 

♦converts  other  file  types  —  word 
processor,  database,  spreadsheet, 
email,  ZIP,  XML,  Unicode,  etc.  — 
to  HTML  for  display  with 
highlighted  hits 

1-800-IT-FINDS 
www.  dtsearch.  com 

sales@dtsearch.com 


Desktop 

Find  anything, 
anywhere, 
instantly  ♦  $199 


Spider  and  search 
Web  sites  ♦  included 
with  all  products 


Network 

Search  the  many 
forms  of  data  that 
exist  across  a  large 
enterprise  network 

♦  from  $ 800 


Publish  a  searchable 
database  to  CD.  DVD 

♦  from  $2,500 


Text  Retrieval 
Engine 

Add  power 
searching  to 
a  product 

♦  extensive 
sample  source 
code  in  multiple 
programming 
languages 

♦  from  $999 


Web 


Add  instant 
searching  to  your 
site  ♦  $999  per  server 


Stop  by  www.dtsearch.com 
for  30-day  evaluation  versions 
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Contact  these  companies  today  to  help  you  with  your  training  needs! 


Boson  Training  ^ 

(813)  925-0700 
I  www.bosontraining.com 
CCIE,  CCNP,  CSS1,  CCNA,  Cisco, 

[  wireless,  CISSP 

PMG  NctAnalyst 

(800)  645-8486 
|  www.NetworkTraining.com 
Network  Forensic  Analysis  and 
Security  Training  and  Services 


Learnkey  Inc.  ^ 

(800)  865-0165 
www.leamkey.com 
Self-paced  online  CD  network 
certification  developer  bus/apps 

Transcender 

(615)  726-8779 
www.transcender.com 
Award-winning  practice  exams 
for  IT  certification 


[  WKMN  Trainins 

(415)  586-1713 
I  www.wkmn.com 
Comprehensive  introduction  to 
I  wireless  networking. 


George  Washington  Univ 

(202)  973-1175 
www.cpd.gwu.edu 
Oracle  MCSE  Network  Security 
UNIX/LINUX  I-NetVB.Net  XML 


IPexpert,  Inc. 

(866)  225-8064 
|  wwwipexpert.net 
CCIE,  CCNP,  CSS1,  CCNA,  Cisco, 
I  wireless,  CISSP 


CBT  Nuggets,  Inc. 

(541)  284-5522 
www.cbtnuggets.com 
IT  Certification  Videos 


I 
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Phone:  800-439-8558  or  718-894-7500 

56-29  56th  Drive,  Maspeth,  NY  1 1 378  USA  Fax:  7 1 8-894- 1 573 


We 


Sell 


CISCO 


New  &  Used 

■ 

Fully  Guaranteed 

■  ■■ 

Overnight  Delivery 

800.451.3407 


90  Castilian  Drive,  Suite  110,  Santa  Barbara.  CA  93117 


Routers 
Switches 
Interface  Modules 
Access  Servers 
Accessories 


www.nEtworkhardwars.com 

BUY  ONLINE 


IS! 


NETWORK  HARDWARE  RESALE®! 


ia  Victims 


Receive  an 
IRS  Tax 
Deduction 


Leukemia  Support  Group  Call  610-970-2705 

ng  cancer  victims  for  three  years 


IFOvii 

See  the  entire  (generation 
3.0  collection  at: 

BRETTS 

Lusj.r>tj.v.  Leather  poods.  Gilts 

'ww.suitcase.com 


The  Hub  of  the  Network  Buy 


FIBER  OPTIC 

InfiniBand 

FOR  SERVERS 

PCI-X,  2  PORTS  @  10  GBPS 

HIGH-SPEED  LINKS 

TO  300  METERS 

PMC  BOARDS  AVAILABLE 
FOR  CompactPCI 


FirstStar  Networks 


Tel:  781-899-6400 
www.FirstStarNetworks.com 


FIBER  OPTIC 
SOLUTIONS 

•  T1/E1  &  T3/E3  Modems 

•  RS-232/422/485  Modems  and 
Multiplexers 

•  IBM  3270  Coax,  AS/400  Twinax,  and 
RS/6000  Modems  and  Multiplexers 

•  LAN  -  Arcnet/Ethernet/Token  Ring 

•  Video/Audio/Hubs/Repeaters 

•  ISO  -  9001 


»  a 
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Toll  Free  866-SITech-1 
630-761-3640,  fax  630-761-3644 

www.sitech-bitdriver.com 


- - — — ■ - 


Products 
purchased  os 


a  result  of 


Marketplace' ads. 


Y  Hubs 
S  Koubers 
*  Software 
training 
Memory 
products 
S  Ethernet: 
Curds 
Netware 
products 
^  Modems 
"S  Testing 
equipment 
'S  Multiplexers 
File-  Servers 
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CISCO  NORTEL 


UP  TO  85%  OFF 

CURRENT  TECHNOLOGY 

NEW  •  REFURB  /  BUY  •  SELL 


THIS  MONIH'S  HOT  SPECIALS 

Passport  8648TX  Enterprise  Routing  Switch  Module  (Refurbished) 

48  port  autosensing  10BASE-T/ 100BASE-TX  Ethernet  Layer  switching  interfaced 

Special  $4,800 

Cisco  2924- CXL  (Refurbished) 

22  Port  10/100  Ethernet  Switch  &  2  Ports  B-FX 

Special  $675 

While  Supplies  Last 

ASN2  Base  Unit  32  M  48V  Redundant  Power  (Refurbished) 

Special  $895 

16  MB  Nortel  Compatible  PCMCIA  Flash  Card 

Special  $225 

NLE  OFFERS  FREE  LIFETIME  TECHNICAL  SUPPORT 

SPECIALS  EXPIRE  11/15/02 

N0RTEL 

NETWORKS 


Cisco  Srsios 


caaerRon 

_ systems 


Bay  Networks^ 


NATIONAL  LAN  EXCHANGE  •  WWW.NLE.COM 


888-8LANWAN 

Call  for  Free  Quote!  (888a<852a*69 


We  sell.  buy.  anti  lease  the  best  new  and  refurbished  networking 
equipment  and  systems  at  die  lowest  prices  anywhere. 

Isn't  it  about  time  you  made  the  smart  choice? 

Trust  the  Experts  .  we  Specialize  In... 

Cisci  Systems 


jftntinental 

LO  M  P  U  T  E  R  5  smeetsu 


digital 


Authorized  COMPAQ. 

Reseller  SYSTEMS 

thaa*  logos  an  a  noamaft  ef  rwpact**  ccrroarma  and  aaracaa 


www.conticomp.com  •  310.416.1200 


WRCA.NET 

_  _  •  SXXT  800-690- 0722  _  „  

NEW  USED 


AUTHORIZED  RESELLER 
Access/Routers/Switches 
Cisco  Livingston  Ascend 
3Com  US  Robotics  Kentrox 
Adtran  BayNetworks  Xyplex 
Computone  Digital  Link 
Modems  /  DSU  /  Muxes 
IBM  UDS  Codex  Hayes  GDC 
Micom  Microcom  Paradyne 
ATT  MultiTech  Penril 
Racal  Telebit  Zoom 

WE  BUY  AND  SELL 
www.wrca.net 
800-699-9722 


SERVER  ROOM 

Temperature 

Sensors 

*129" 


As  Low  As... 


THl 


-iooTB 


THL-100 

(Battery  powered) 

THL-100  AC/DC 

(Continuous  monitoring) 

THL-100  AC/DC  Plus 

(Email  alarms) 

►  Records  Temperature,  Humidity  &  Light 

►  Time  Stamped  Data  for  Detailed  Analysis 

►  Windows-based  SmartSensor  Software 

•  Data  or  graphical  view 
•Easily  exports  to  common  spreadsheet 
software 


Toll  Free  1-866-442-7767 
www.smartronix.com/products 


_ 


For  more  information  on  advertising 
in  the  Marketplace,  STOP  everything, 
and  call  now! 
800-622-1108  ext.6465 
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IT  CAREERS 


© 


careers.com 
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SAW  Engineers  to  design,  develop 
and  implement  GUI  and  RDBMS 
systems  in  client/server  envir 
using  VB,  PB,  Oracle,  Dev  2000, 
Sybase,  MS  Access  under 
Windows  &  UNIX  OS;  create 
repeatable  reusable  process 
tor  handling  errors,  retrieval, 
updates,  data  download  and 
uploads;  interact  with  users  to 
document  system  requirements, 
limitations  and  functionality. 
Require  MS  or  foreign  equiv  in 
CS/Engg  (any  branch)  and  1  yrs 
exp  in  IT.  High  salary,  f/t.  Some 
travel  required.  Resumes  to 
Salem  Associates,  Inc.  405,  6th 
Ave,  Ste  102,  Des  Moines,  I A 
50309 


ShellSoft  has  several  openings 
for  computer  professionals.  At¬ 
tractive  wage  plus  full  benefit  pkg. 
Skills  in  following  areas  are  a 
plus:  Oracle.  SAP.  Java,  Unix,  SQL, 
VB.  Qualified  applicants  must 
have  BS  with  some  exp;  travel 
maybe  required.  Send  resumes 
to:  jobs  @  shellsoftinc.com. 

CDI  is  a  national  IT  companies 
with  over  30  offices.  It  is  looking 
IT  professionals  at  both  entry 
and  experienced  levels.  Applicants 
must  have  BS/MS  or  equivalent 
experience.  Must  have  US 
work  permit.  Please  visit  www. 
cdicorp.com,  find  positions 
match  your  skills  and  send 
resume. 


Senior  Business  Analysts:  Oracle 
Apps.  1 1  i,  PeopleSoft  8.0;  Apps 
DBAs:  Oracle  RDBMS  7.9i,  Orade 
Apps.  1 1  i  upgrade,  cloning  & 
migration,  ERWIN,  SQL  Server 
RDBMS.  SQL  Server  2000/7.0, 
Oracle  Developer  2000/6i,  Dis¬ 
coverer  4.4,  OFA  Express  Server, 
Omni  backup  HP  Open  View 
4. 1  /Measure  Ware  Agent,  Veritas 
Backup  Exec  7.0  Operating  sys¬ 
tems  Solaris  2.7/8,  HP-UX  11 
/1 1  i,  Windows  NT/2000  platforms; 
Senior  ERP  Programmer  Analysts: 

Oracle  PL/SQL.  Developer  2000 
/6i,  Designer  2000,  Oracle  Apps 
1 1  i  (modules-GL,  AP,  AR,  FA, 
PO,  INV,  OE/OM,  HRMS,  Service, 
OPM's  Manufacturing,  Inventory, 
OPM's  Multibatch  Management, 
C,  C++,  Java  2,  Pro'C,  Visual 
Gen  2.2,  Functional  Experience; 
Senior  Proorammer/Analvsts: 

Oracle  PL/SQL.  Oracle  9i/9iAS, 
Developer  2000/6i;  CRM  Pro- 
arammer/Analvsts:  Siebel  suite 
incl.  Communications  2000,  Call 
Center,  Energy  ‘00,  Tools  7.0 
Oracle  CRM  31  /1 1  i;  Senior  DBAs: 
Sybase  12.5,  Oracle  database 
9i.  Senior  Network  Engineers/ 
Certified  Microsoft  Trainers: 

MCSE,  MCT  &  Cisco  certifica¬ 
tions.  Prevailing  wage/benefits. 
Consulting  positions  requiring 
travel.  To  apply,  send  resume 
identifying  position(s)  interested 
to  HR,  BPO  Systems,  501 
Silverside  Road,  Suite  83, 
Wilmington,  DE  19809.  US 
Workers  Only.  EOE 


Ohio-based  Telecommunications 
consulting  company  seeking 
qualified  Software  Engineers 
/Systems  Analysts  possessing 
MS/BS  or  equivalent  and/or 
relevant  work  experience.  2  yrs 
relevant  work  exp.  must  include 
at  least  2  of  the  following:  Verilog, 
Vera,  C,  C++,  Perl,  VLSI/DSP 
Design.  Java,  Visual  Basic,  and 
Oracle.  Send  resume,  ref,  and 
salary  req  to:  ICSS,  Inc.,  816 
Morrison  Rd.,  Gahanna,  OH 
43230. 


opportunities 


m  careers.com 


where  the  best 
get  better 

1-8D0-7S2-2977 


Senior  Programmer  Analyst 
wanted  to  research,  design,  and 
develop  computer  software 
systems,  applying  principles  and 
techniques  of  computer  science, 
engineering,  science,  and  math¬ 
ematical  analysis,  using  COBOL, 
CICS,  MVS/ESA,  and  DB2.  40 
hrs./week.  Sam  to  5pm.  $ 
67,766.40/year.  Must  possess 
Bachelor's  Degree  in  Electical 
/Electronics  Engineering  or 
Computer  Science,  one  year  of 
experience  in  the  job  offered 
or  as  a  Software  Engineer/ 
Programmer,  and  six  months 
experience  with  COBOL,  CiCS, 
MVS/ESA  and  DB2.  Employer 
Paid  Ad. 

Please  send  resumes  to  MCDC 
/ESA,  PO.  Box  11170,  Detroit, 
Ml  48202-1170. 

Reference  No.  202651 . 


Prog/Analysts  to  analyze,  design, 
develop,  maintain  client  server 
web  appls  using  C,  C++,  Java, 
JDK.  JMS,  EJB,  Servlets,  JSP, 
UML,  HTML,  JDBC,  etc  on 
Netscape  Appl  Server  platform 
for  Sun  Solaris,  Windows  NT 
OS;  provide  on  site  customer 
support  and  maintenance;  trouble 
shoot,  debug,  modify,  fine  tune 
and  perform  code  optimization. 
Require  BS  or  foreign  equiv  in 
CS/Engg  (any  branch)  with  2 
yrs  exp  in  IT.  High  Salary,  f/t 
positions.  Travel  involved  to  client 
locations;  Resumes  to  COO, 
Synergy  America,  Inc.  1565 
Woodington  Circle,  Suite  101, 
Lawrenceville,  GA  30044 


Computer  -  Software  Engineers 
needed.  Seeking  qual.  cand. 
possessing  MS  or  equiv.  and/or 
rel.  work  exp.  1  yr.  of  the  rel.  work 
exp.  must  include  working  with 
coding  &  programming  on 
RDBMS.  Work  with  3  of  the 
following:  WebSphere,  ASP, 
VB  Script,  Oracle  RDBMS, 
Smartcode,  Java,  Clientbuilder. 
Fwd.  resume  &  ref.  to  Atlantic 
Data,  Inc.,  Attn:  HR,  1401 
Devonshire  Ct„  Tallahassee,  FL 
32317. 


Marketing  Information  &  Tech¬ 
nology,  Inc.,  d/b/a  ChoicePoint 
Precision  Marketing  has  an 
opening  for  System  Engineer 
/Solution  Architect.  This  person 
will  design  and  develop  database 
marketing  solutions  for  clients, 
participate  as  key  designer  of 
each  system,  develop  logical 
and  physical  process  models, 
develop  database  update  and 
output  processes,  produce  data¬ 
base  sizing  estimates,  and  cre¬ 
ate  and  maintain  database 
instances.  This  person  will  also 
evaluate  new  technologies  for 
use  with  company's  database 
solutions,  analyze  data  processing 
requirements,  and  plan  layout 
and  installation  of  systems.  Person 
will  evaluate  factors  to  determine 
hardware  configurations.  Person 
will  confer  with  data  processing 
and  project  managers,  and  be 
reviewed  by  the  CTO.  The  candi¬ 
date  must  have  a  Bachelor's  of 
Science  in  Computers  or  Engi¬ 
neering,  or  the  U.S.  equivalent, 
and  4  years  of  experience  in 
the  job  offered  or  as  a  System 
Analyst/System  Designer,  includ¬ 
ing  experience  designing  and 
developing  database  solutions, 
creating  and  maintaining  data¬ 
base  instances,  and  evaluating 
new  technologies  for  use  with 
existing  databases.  The  salary 
offered  is  $93,500,  and  the  work 
schedule  is  8:30  a.m.  -  5:30  p.m. 
Interested  applicants  submit  2 
copies  of  resume. 

Interested  applicants  send 
resume  to: 

Case  #2001 9592 
Labor  Exchange  Office 
19  Staniford  Street,  1st  Floor 
Boston,  MA  02114 


BUSINESS  ANALYST  (3  posi¬ 
tions)  -  Assess  business  needs 
of  clients  in  order  to  analyze, 
design  and  develop  customized 
software  apps.  &  systems  in  a 
client-server  environment  using 
C/C++.  RDBMS,  SQL,  Erwin 
Tools,  Visual  Basic  &  Visual  C++, 
Pascal.  Require:  Bach,  degree 
(or  foreign  equivalent)  in  Comp. 
Sci.,/Engg.,  Mgt.  Info.  Sys.,  or 
closely  related  field,  w'  1  yr.  exp. 
in  the  job  offered  or  as  a 
Prog./Sys.  Analyst.  Experience 
gained  before,  during,  or  after 
obtaining  the  Bach,  degree  will 
be  accepted. 

INFORMATION  SYSTEMS  EN¬ 
GINEER  -  Design,  develop  & 
implement  software  applications 
for  info,  systems  &  computer  net¬ 
works  in  a  client-server  environ¬ 
ment  using  C++,  Visual  C++, 
RDBMS,  SQL,  Erwin  Tools,  Visual 
Basic  and  Pascal.  Require:  Bach, 
degree  (or  foreign  equivalent)  in 
Comp.  Sci./Engg.,  or  closely 
related  field,  w'  2  yrs  of  exp.  in 
the  job  offered  or  in  the  design 
and  development  of  software 
apps.;  Exp.  must  include  2  years 
using  C++  and  Visual  Basic. 

All  positions  require  paid  travel 
on  long  &  short-term  assignments 
to  client  sites  within  the  U.S. 
Comp,  salary  &  benefits.  8a-5p, 
M-F.  Mail  resume  indicating 
which  position  you  are  applying 
for  to:  Patricia  Brown,  Manager, 
H.R..  Paragon  Solutions,  Inc., 
3625  Brookside  Pkwy.,  Ste  300, 
Alpharetta,  GA  30022 


Kansas  State  University  is  ready 
to  deploy  new  Oracle  Financials, 
Student  and  Advanced  Recruiting 
enterprise  applications  software 
to  replace  key  components  of  its 
core  central  administrative  appli¬ 
cations  software,  which  currently 
operates  in  the  System/390 
OS/390  CS-IDMS  DB/DC  envi¬ 
ronment.  KSU  Information  Sys¬ 
tems  Office  is  in  the  process  of 
recruiting  for  the  Legacy  Appli¬ 
cation  Systems  Empowered 
Replacement  (LASER)Project: 
(2)  Systems  Specialist-Financial 
Systems,  (3)  Systems  Specialist 
-Student  Systems,  Systems  Co¬ 
ordinator-Information  Integration 
and  Systems  Coordinator-Appli¬ 
cations  Deployment.  Website: 
http://www.ksu.edu/iso  Send  cover 
letter  and  resume  to:  Kansas 
State  University;  Information 
Systems  Office;  2323  Anderson 
Avenue,  Suite  215;  Manhattan, 
KS  66502-2912. 


COMPUTER  PROFESSIONALS 

Opportunities  for: 

•WEB  ARCHITECTS/ 
DEVELOPERS 

•  SYSTEMS  ANALYSTS 
•WEB  GRAPHIC  DESIGNERS 

•  NETWORK  ENGINEERS 

•  PROGRAMMER/ANALYSTS 

•  SOFTWARE  ENGINEERS 

SKILLS: 

•  COLD  FUSION  •  SPECTRA 

•  ORACLE  •  VISUAL  BASIC 

•  VISUAL  C++  •  SIEBEL  •  ASP 

•  COM,  DCOM  •  JSP  •  HTML 

•  JAVA,  JAVA  BEAN  •  EJB  JAVA 
SERVLETS  •  WEBSPHERE 

•  IBM  MQ  SERIES  •  XML,  UML 

•  MTS  •  CLARIFY  •  PERL 
•OBJECTPERL  •  SPYPERL 

•  SMALLTALK  •  PL/SQL 
•VISUAL  AGE  •  COBOL,  SPL, 
UNIX 

Visit  our  website  @ 
www.computerhorizons.com 

Attractive  salaries  and  benefits. 
Please  forward  your  resume  to: 
H.R.  Mgr.,  Computer  Horizons 
Corp.  49  Old  Bloomfield  Avenue, 
Mountain  Lakes,  New  Jersey 
07046-1495.  Call  973-299-4000. 
E-mail:  jobs  @  computerhorizons. 
com.  An  Equal  Opportunity  Em¬ 
ployer  M/F. 


Performant  seeks  Prod.  Support 
Analyst  for  Bellevue  HQ  office. 
DESC:  Install  &  support  perf. 
mng.  s/w.  Config.  &  integrate 
enterprise  &  bus.  info.  sys.  apps. 
to  wk  w/  perf.  mng.  s/w  &  corp. 
app.  &  web  servers.  Write  shell 
scripts  &  C  progs,  in  UNIX  &  C 
prog.  &  code  debugging  in  UNIX 
&  Win  plats.  Conduct  capacity  & 
load  stress  testing  on  customers' 
prod,  test,  &  internal  sys.  util. 
Mercury  Interactive  load  testing 
tools.  Create  virtual  user  scripts 
util.  HTTP/web  &  C/C++  protocols. 
Engage  in  app.  testing,  debug.  & 
data  analysis.  Conduct  test  on 
integrated  environ.  Train  users 
on  s/w  prod.  &  anlyz.  test  data. 
REQS:  BS  in  Engr,  CS,  Math,  or 
Phys.  +  2  yrs  exp  gathering  func¬ 
tional  &  sys.  reqs.  for  s/w  impl. 
projects.  Install,  config,  &  inte¬ 
grate  enterprise  &  bus.  info.  sys. 
apps.  to  wk  w/  corp.  app.  &  web 
servers.  Write  shell  scripts  &  C 
progs,  in  UNIX,  C  prog.  &  code 
debug  in  UNIX  &  Win  plats.  Con¬ 
duct  capacity  &  load  stress  testing 
on  prod,  test,  &  internal  sys.  & 
peri,  analysis  of  data  resulting 
from  capacity  &  load  stress  testing. 
Writing  virtual  user  scripts  util. 
C/C++  &  HTTP  protocols.  Mercury 
Interactive  Certification.  Prem. 
sal.  +  bns.  &  benes.  Pis.  Reply  to 
E.KIinck,  Job#PI-101, 12715  Bel 
Red  RD.  Bellevue,  WA  98005. 


Senior  Software  Engineer.  40hrs 
/wk.  Will  create  complex  operation 
or  application  systems.  Provide 
analysis  related  to  design  &  dev. 
and  solve  problems.  Encode, 
test,  debug  &  document  programs 
on  complex  projects.  Revise  & 
update  programs.  Formulate  oper. 
systems  advancements  &  per¬ 
form.  improve.  Evaluate  impact 
of  software  perform.  &  recom¬ 
mend  changes  to  design.  Will 
lead  &  supervise  Software  Engi¬ 
neers.  Must  have  a  Bachelor's 
degree  in  Computer  Science 
and  4  yrs.  exp.  in  job  offered  or 
similar.  Please  send  resume  to 
Rene  Garcia,  Software  FX,  Inc., 
5200  Town  Center  Circle,  Ste 
450,  Boca  Raton,  FL  33486. 


VPD  has  openings  for  Sr.  Pro¬ 
grammer/Analysts  responsible 
for  all  programming  changes 
made  to  the  VPD  e-commerce 
web  site,  which  is  PROGRESS 
based.  Build  PROGRESS  based 
reporting  data  warehouse.  Mini¬ 
mum  BS/MS  plus  epx.  Send 
resumes  to  jobs@vpdinc.com 

IT  professionals  wanted  by  Allecon 
Stock  Associates.  Responsible 
for  design  of  IT  systems  for  stock 
option/purchase  administration. 
Applicants  must  have  minimum 
BS  with  1  -yr  exp.  using  J2EE,  ASP, 
Java,  etc.  Competitive  wage. 
Send  resumes  to  stockadmin 
@  allecon.com.  EOE. 


APPLICATION  ENGINEER, 
POWER  SYSTEMS 
GE  E.M.S.,  d/b/a  GE  Network 
Solutions,  a  leading  provider  of 
innovative  information  technology 
solutions  for  the  global  utility 
industry  has  an  opening  for  a 
Power  Systems  Application  En¬ 
gineer  in  its  Melbourne,  Florida, 
branch.  Job  responsibilities  in¬ 
clude  analyzing  and  defining  re¬ 
quirements  for  power  systems 
models;  designing,  developing, 
testing  and  implementing  enter¬ 
prise  application  integration  soft¬ 
ware  and  attribute  mapping  for 
the  integration  of  GE's  power 
systems  model  to  the  EPRI CIM. 
Individual  will  also  be  responsible 
for  creating  power  systems  model 
updates  and  documenting  all 
model  modifications.  Individual 
will  be  called  upon  to  utilize  C++, 
XML,  CIM,  Fortran,  Rationale 
Rose,  RDF  and  Object  Oriented 
Data  Modeling  Methodology  in 
the  design  and  modeling 
process. 

Qualified  individuals  will  have  an 
M.S.  in  Power  Systems  Computer 
Applications,  Electrical  Engineer¬ 
ing,  or  related  field  and  must 
possess  working  knowledge  in 
Power  Systems  Model  analysis, 
XML,  CIM,  C++,  Object  Oriented 
Data  Modeling  Methodology  and 
RDF. 

Applicants  should  send  their 
resume  by  surface  mail  only  to 
Michele  Duester  at  GE  Network 
Solutions,  1990  West  NASA 
Blvd.,  Melbourne,  FL  32904,  and 
must  reference  job  number 
2154WA. 


Corporate  Express  has  two 
openings  in  our  Broomfield.  CO 
office  for  Sr.  Systems  Analysts 
to  design  and  develop  order 
management  enterprise  resource 
planning  (ERP)  software  appli¬ 
cations  on  a  Sun  Solaris  operating 
system.  Successful  candidates 
should  have  a  bachelor's  degree 
or  foreign  equivalent  in  Computer 
Science,  Engineering,  Science 
or  related  field,  including  Physics 
and  at  least  two  years  experience 
designing  and  developing  order 
management  ERP  software 
applications.  Candidates  must 
also  have  working  knowledge  of 
Oracle,  Pro*C,  Sun  Solaris  and 
Java.  Respond  by  resume  to 
Amy  Krill,  Corporate  Express,  1 
Environmental  Way,  Broomfield, 
CO  80021  and  reference  Job 
#SSA. 


S/W  Engineers  to  analyze, 
design,  develop,  s/w  appls  using 
OS  like  MVS/ESA,  UNIX,  Win¬ 
dows  NT,  databases  such  as 
DB2,  Oracle,  Informix,  program¬ 
ming  tools  such  as  COBOL  II, 
Java,  HTML  etc  and  mainframe 
tools  including  FILEAID,  XPDI- 
TOR,  TSO/ISPF.  INFOPAC,  etc.; 
configure  client  server  appls, 
document  program  specs,  create 
appl  prototype  and  train  end 
users.  Require:  MS  or  foreign 
equiv  in  CS/Engg(any  branch)  & 
1  yr  exp.  in  IT.  High  salaries,  F/T. 
Travel  involved.  Apply  to:  HR, 
Smartsoft  International,  Inc. 
4898,  South  Old  Peachtree  Rd, 
Norcross,  GA  30071 


I71ET2S 

Network  Service  Solution# 

NET2S  is  a  leading  International 
Consulting  and  Engineering  firm 
specializing  in  communications 
technologies.  We  are  presently 
seeking  to  fill  the  following  posi¬ 
tions: 

•  Sr.Tibco  (RV,  Integration  Mgr) 
Developer 

•  TIBCO/TRIARCH  Systems 
Engineer 

•  Sr.  Security  Systems  Engineer 
All  positions  require  BS/MS 
degree  with  a  minimum  of  2  to  3 
years  of  experience  in  the  field. 
Must  possess  excellent  commu¬ 
nication  skills  as  well. 

NET2S,  82  Wall  Street  Suite  400, 
New  York,  NY  10005;  Fax:  (212) 
279- 1 960;  Phone  (21 2)  279-6565; 
or  Email:  iobus-nv@net2s.com 


Sr.  Network  Management  Soft¬ 
ware  Engineer.  Portsmouth  NH 
Design,  develop  $  test  secure, 
SSL,  web-based  user  interfaces 
&  services  in  support  0f  network 
mngmnt  of  Company's  next  gen¬ 
eration,  protocol  agnostic,  con¬ 
verged  Fibre  Channel  4  Ethernet 
switch,  that  is  to  be  deployed 
within  a  Storage  Area  Network 
(SAN);  develop  a  complete  object 
-oriented  framework  utilizing 
backend  Linux  scripts  written  in 
TCL,  Perl  &  BASH  to  make  SNMP 
requests  for  dynamic  web  page 
creation  &  display  of  the  mngmnt 
&  configuration  data  for  purposes 
of  switch  services  such  as  fault, 
configuration,  accounting,  per¬ 
formance  &  security;  work  indi¬ 
vidually,  as  well  as  within  a  team 
to  develop  a  distributed,  high- 
availability  switch  framework  so¬ 
lution  that  guarantees  an  industry 
stndrd  of  continuous  5  nines 
(99.999%)  uptime  of  the  switch 
&  its  srves;  develop  database 
schemas  &  data  models  for  pur¬ 
poses  of  design,  development  & 
test  of  standalone  SNMP  Agents 
through  which  the  web-based 
user  interfaces  &  services  can 
expose  internal  switch  services 
&  data.  Must  be  able  to  utilize 
XML.  DTD,  &  DOM  to  represent 
&  access  these  databases  through 
web  enabled  services;  develop  a 
distributed  web-based  solution 
for  concurrent  mngmnt  of  multiple, 
interlinked  Sandial  switches; 
Design  &  develop  web  pages,  in¬ 
terfaces,  services  &  applications 
utilizing  XML,  DTD,  DOM,  HTML, 
HTTP,  DHTML,  Javascript,  TCL 
&  Java  for  the  IIS  &/ or  Apache 
web  servers;  design  &  develop 
multithreaded  (Pthreads)  &  ob¬ 
ject-oriented  user-interface  ap¬ 
plications  &  Linux  based  web¬ 
page  interfaces  &  services; 
participate  in  the  data  modeling 
of  the  switch  services  mngmnt 
data  for  use  in  developing  a 
DMTF/CIM  object-oriented 
mngmnt  database  schema  & 
framework  consisting  of  a 
CIMOM  process  that  translates 
XML  over  HTML/HTTP  requests 
into  switch  configuration  changes. 
Develop  XML,  DTD  &  DOM  doc¬ 
uments,  data  models  &  database 
schemas  in  support  of  this  data 
modeling.  Supvr:  Manager,  Soft¬ 
ware  Design.  Supervise  0  staff. 
Salary  $75,000/yr,  40  hrs/wk, 
8:00  a.m.-6:00  p.m.  Educ.:  3  or  4 
yr  undergrad  degree  or  foreign 
equiv.  in  Computer  Science,  En¬ 
gineering,  Electronics  or  a  related 
technical  field.  Exp:  2  yrs  in  job 
offered  or  2  yrs  in  position  de¬ 
veloping  networking  &/or  enter¬ 
prise  network  mngmnt  solutions; 
2  yrs  exp  to  also  include  2  yrs  of 
exp  with  the  following:  Developing 
database  schemas  &  data  models; 
IIS,  TCLHttpd  &/or  Apache  web 
servers;  Development  of  multi¬ 
threaded,  object  oriented  appli¬ 
cations;  Development  of  web-page 
interfaces  &  services;  DTD  & 
DOM;  Development  &  deployment 
of  software  applications  for  use 
in  a  SAN  environment;  &  at  least 
three  of  the  following  technologies: 
TCL,  Perl,  XML,  DHTML,  HTML, 
HTTP,  Java,  JavaScript,  SSL. 
Applicants  must  send  two  (2) 
copies  of  their  resume/letters  of 
application  to  Job  Order  #2003- 
001 ,  PO.  Box  989,  Concord,  NH 
03302-0989. 


SYSTEMS  ANALYST  to  provide 
on-site  consulting  in  analysis, 
design  and  development  of 
business  applications  for  manufac¬ 
turing,  retail  and  service  industry 
using  CASE  tools  on  IBM 
AS/400;  customization,  implemen¬ 
tation  and  maintenance  of  ERP 
packages  such  as  JDEdwards 
and  support  bar  coding  software 
package  using  Websphere,  EDI 
and  development  tools  Visual 
Age  RPG  and  web  enabling 
legacy  applications  on  AS/400; 
provide  system  software  support 
on  Windows  NT,  SQL  Server, 
AS/400,  Coldfusion,  RPG,  C  and 
COBOL.  Require:  B.S.  (or  equiv¬ 
alent)  in  Computer  Science/ 
Electronics  Engineering  and  two 
years  experience  in  the  job  offered 
or  any  experience  providing 
skills  in  described  duties.  Two 
years  experience  must  be  on 
AS/400.  40%  travel  required  to 
client  locations  within  the  United 
States.  Salary:  $67,000  per  year. 
8am  to  5pm,  M-F.  Appiy  with 
resume  to:  Vice  President,  Frontline 
Consulting  Services.  Inc.,  8701 
Mallard  Creek  Road,  Chartotte, 
NC  28262. 
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User  System  Development  Ana¬ 
lyst  Work  Sched  8:0OAM-5:OO 
PM  40  hrs/wk.  $64,378.08  P/A. 
Engineer,  develop,  code,  & 
maintain  web  based,  multi  tiered 
application  in  Visual  Age  Java, 
divided  into  object  oriented 
programmed  classes  (business 
logic  &  business  processes), 
databases,  &  front  end  to  provide 
users  with  comprehensive  client 
history  to  determine  account 
history,  loan  delinquency,  eligi¬ 
bility  of  phone  pay,  &  payment 
extensions.  Use  Windows  Appli¬ 
cation  Programming  Interface 
protocol  &  COBOL  II  socket  in¬ 
terface  programs  to  access  data 
from  DB2  processing  in  Visual 
Basic  (VB)  client  server  applica¬ 
tions.  Design  &  develop  client 
server  business  systems  & 
Graphical  User  Interface.  Design 
&  develop  Crystal  reports  using 
VB,  for  the  Collection  Centers 
agents  to  be  used  to  recommend 
extensions  of  vehicle  loans. 
Generate  reports  based  on 
information  in  DB2  specifying 
criteria.  Test  &  code  rollout  of 
application  in  all  offices  &  call 
centers.  Support  vendor  appli¬ 
cations.  Western  Union  Phone 
pay  &  Moscix  Dialer  developed 
in  VB.  Master  (or  equivalent). 
Electronics  &  Communication 
Engineering.  One  year  experi¬ 
ence  in  job.  Employer  Paid  Ad. 
Send  resume  to  MDCD,  P.O.  Box 
11170,  Detroit,  Ml  48202,  Ref. 
No.  202718. 


Software  Engineer.  Work  Sched 
8:00  AM  -  5:00  PM  40  hrs/wk. 
$64,378.08  P/A.  Engineer,  de¬ 
velop,  mentor,  &  implement  Web 
applications  using  Object 
Oriented  methodologies,  JAVA, 
C/C++,  XML,  &.  SHELL  Scripts  in 
UNIX/Windows-based  systems 
including  Solaris,  Windows  NT 
/ 95.  &  DOS  in  a  Server-centric 
environment.  Engineer  &  support 
e-Business  &  Web  applications 
development,  including  JAVA, 
C/C++,  &  JAVA  Script,  &  using 
software  tools  such  as  Power  J, 
&  other  language  environments 
in  UNIX/Windows.  Integrate  Web 
applications  with  corporate  data 
Management  systems  (using 
DB2,  Sybase,  UDB,  &  Oracle), 
Finance,  Engineering,  Human 
Resources,  Procurements  Supply, 
International  S  Manufacturing 
Systems.  Utilize  UNIX/Windows- 
based  tools  to  facilitate  software 
applications,  upgradeability  S 
maintenance.  Educate  S  assist 
Intranet  Technical  Services 
Teams  to  implement  effective 
corporate-wide  Web  develop¬ 
ment/production  infrastructure. 
Engineer,  develop  S  support  e- 
Business  S  Web-based  applica¬ 
tions  for  Netscape  Enterprise,  S 
IBM  DGW/WebSphere  servers. 
Bachelor  (or  Equivalent),  Com¬ 
puter,  Electronics  or  Electrical 
Engineering.  Two  yrs  exp.  in  job 
offered.  Employer  Paid  Ad.  Send 
resume  to  MDCD.  P.O.  Box 
11170,  Detroit,  Ml  48202,  Ref. 
No.  202673. 


Computers  -  Compaque  Business 
Software,  Inc,  a  company  which 
delivers  innovative  IT  solutions 
to  business  clients  nationwide 
has  openings  in  Dallas,  TX  and 
Phoenix,  AZ.  We  have  immediate 
full-time  opportunities  for  Pro¬ 
grammers,  Engineering  Program¬ 
mers,  Programmer  Analysts. 
Systems  Analysts,  Software  En¬ 
gineers,  DBA's,  Consultants  and 
Software  Consultants  in  any  of 
the  following  areas:  INFORMIX, 
UNIX,  DB2,  CICS,  COBOL,  C, 
C++.  Visual  Basic  C++,  Access, 
PowerBuilder,  SQL.  SQL  Server, 
Visual  Basic,  Oracle,  Sybase, 
CORBA.  GUI.  OOD,  MFC,  Win 
NT.  Bachelor's  or  Master's  degree 
required  depending  on  position. 
We  also  accept  the  foreign  edu. 
equiv  of  the  degree,  or  the  degree 
equiv  in  edu  and  exp.  Excellent 
benefits.  Send  confidential  resume 
and  salary  requirements  to  HR, 
Compaque  Business  Software, 
Inc.,  2000  North  Central 
Expressway.  Suite  115,  Plano, 
TX  75074. 


Senior  Programmer.  37.5  hrs/wk, 
8:30  a  m. -5:00  p.m..  $62.000/yr. 
The  Senior  Programmer  will  per¬ 
form  PC  Programming:  help 
write  and  maintain  complex 
application  programs  and  sys¬ 
tems  In  Visual  Basic,  C++  and 
SQL  at  the  highest  technical  level, 
develop  detailed  system  design 
and  programming  specifications 
to  meet  information  requirements 
of  assigned  departments,  and 
resolve  systems  problems.  The 
Programmer  evaluates  users' 
requests  for  new  or  modified 
computer  programs  to  determine 
feasibility,  cost  and  time  re¬ 
quired,  compatibility  with  current 
system,  and  computer  capabili¬ 
ties.  The  Senior  Programmer 
functions  as  part  of  a  team  par¬ 
ticipating  in  the  design  and  en¬ 
hancement  of  new  or  existing 
systems;  designing,  coding,  and 
testing  new  programs  and  mod¬ 
ifications;  testing  of  existing  pro¬ 
grams;  interfacing  with  customer 
to  assist  in  the  implementation  of 
work  requests;  supporting  the 
data  processing  requirements 
of  the  employer's  companies; 
providing  customer  support  for 
production  systems  and  partici¬ 
pating  in  the  design  and  imple¬ 
mentation  of  application  software 
packages;  providing  support  to 
the  various  customers  in  resolu¬ 
tion  of  business  problems;  and 
coding,  debugging,  and  testing 
application  programs  using  C++, 
Visual  Basic,  and/or  SQL  program 
languages  in  a  Windows  95/NT 
environment  utilizing  Oracle, 
SQL  Server  and  1-2  years  of 
mainframe  experience.  Min. 
Reqs.  incl.  Bachelor's  degree  in 
Engineering,  Computer  Science, 
Mathematics  or  Business  plus  3 
years  experience  in  job  offered 
or  related  occupation  of  Systems 
Analyst  or  Programmer/Software 
Eng.  Applications  Developer. 
Must  have:  3  years  experience  in 
Visual  Basic  and/or  C++  and  2 
years  experience  in  SQL.  Expe¬ 
rience  in  Oracle,  SQL  Server, 
and  1  year  of  mainframe  experi¬ 
ence  required.  Applicant  must 
also  successfully  pass  the  NCS 
CPAB  (Computer  Programmer 
Aptitude  Battery)  test  adminis¬ 
tered  by  Employer  for  all  appli¬ 
cants.  Employer  Paid  Ad.  Send 
resumes  to  7310  Woodward 
Avenue,  4th  Floor,  Detroit, 
Michigan  48202.  Reference  No. 
202563. 


MANAGER,  Systems  Engineering 
sought  by  MA  IP  Infrastructure  & 
SW  Company,  Req'd  to  oversee 
dvlpmt  of  proprietary  s/ware 
programs,  comm  protocols  &  sys 
functional  specs  &  ensure  con¬ 
formity  in  set-up;  translate  mkt 
research  into  specs  for  products 
&  solutions;  create  test  plans  & 
troubleshoot  progs  to  ensure  qlty 
control  &  max  performance.  BS 
in  Elec  Engg,  Comp  Sci  or  Comp 
Engg  (or  equiv)  &  3  yrs  rel  exp  in 
Sys  Engg  Dvlpmt  or  Mgmt.  Must 
be  exp’d  in  H/ware  design  using 
VERILOG,  S/ware/F/ware  dvlpmt 
using  C/C++  &  Security  Protocol 
-IPSEC.  Send  resume  (no  calls) 
to:  F.  Baia,  HR  (Ref.  6MTS)Narad 
Networks  Inc,  515  Groton  Road, 
Westford,  MA01886 


Colorado  State  University,  a 
higher  education  institution,  seeks 
a  Unix  Systems  Administrator, 
General  Faculty,  to  work  in  Ft. 
Collins,  CO  to  install,  configure, 
implement,  and  troubleshoot  Linux, 
Solaris,  and  HP-UX,  workstations, 
operating  systems,  and  servers 
for  faculty,  staff  and  students  in 
the  College  of  Engineering.  Re¬ 
quires  B  S.  or  foreign  equivalent 
in  Computer  Science,  or  Electrical 
or  Electronics  Engineering,  as 
well  as  5  years  experience  as  a 
Unix  Systems  Administrator  for 
an  engineering  department  or 
college  in  a  higher  education 
research  institution,  including 
configuring,  installing,  and  trouble¬ 
shooting  all  necessary  computer 
systems;  and  working  knowledge 
of  Linux,  SAMBA,  NIS,  DNS, 
Solaris,  TCP/IP,  shell  scripts,  and 
Perl.  Respond  by  r  esume  to 
Mark  Ritschard,  CSU.  Engineering 
Network  Services,  Ft.  Collins, 
CO  80523-1301. 


Financial  Analyst 

Review  and  analyze  financial 
information  and  data  and  develop 
mathematical  and  statistical 
models  with  respect  to  worldwide 
petroleum  industry  and  com¬ 
modities;  design,  develop  and 
integrate  databases  for  use  in 
modeling  economic  and  financial 
trends  and  conditions  in  the 
petroleum  industry  and  petroleum 
markets;  and  prepare  financial 
forecasts,  reports  and  reporting 
systems  on  petroleum  products, 
petroleum  markets  and  general 
economic  conditions  and  trends; 
utilizing  FuzzyQuery  and  Analysis, 
Cluster  Analysis,  Data  Visual¬ 
ization,  SQL.  Linear  Equations, 
Data  Normalization,  EDI  Mapping 
and  Black  and  Schols  Model. 
Requires  M.S.  or  M.B.A.  or 
equivalent  masters  level  degree 
with  focus  in  finance  and  one 
year  experience  in  computer 
modeling  of  economic  phenomena 
involving  petroleum  commodities. 
Qualified  applicants  must 
presently  be  eligible  for  permanent 
employment  in  the  United 
States.  Successful  applicant 
must  be  able  to  perform  job  duties 
on  date  of  application.  40  hours 
per  week  (8:30  a.m.  to  5:30 
p.m.):  overtime  as  needed  without 
additional  compensation.  Position 
is  with  GP&W,  Inc.  d/b/a  Center 
Oil  Company.  600  Mason  Ridge 
Center  Drive,  St.  Louis,  Missouri 
63141.  Send  resumes  to:  John 
Niemi,  Chief  Financial  Officer, 
GP&W,  Inc.  d/b/a  Center  Oil 
Company,  600  Mason  Ridge 
Center  Drive,  St.  Louis,  Missouri 
63141.  EOE 


Vienna  VA  Consulting  Co.  seeks 
Sr.  Systems  Engineer  to  be 
responsible  for  managing  software 
development  including  require¬ 
ments  analysis,  specification  de¬ 
velopment,  user  interface  design 
and  development,  quality  control 
and  testing;  heterogeneous 
systems  operations  and  security 
design/control;  analytical  modeling 
of  Network  systems.  Min.  req: 
Master's  Degree  in  Computer 
/Electrical  Eng.  and  1  yr.  exp.  in 
job  or  job  related.  Must  have 
exp.  with  Unix  Operating,  Novell 
Netware,  Windows  NT,  C/C++ 
Languages,  VB,  MS-SQL  Server, 
Dbase,  FoxPro  and  Clipper  CA, 
OOD  of  Client/Server  Applica¬ 
tions  using  Power  Builder;  working 
knowledge  of  mathematical 
analysis  and  modeling  of  net¬ 
working  protocols.  Work  is  in 
Washington  DC.  Resumes  to 
H.R.  Dept.,  Resource  Consultants 
Inc.,  2650  Park  Tower  Dr.,  Vienna, 
VA  22180.  No  calls.  EOE. 


Seeking  qualified  applicants  for 
the  following  position  in  Colorado 
Springs,  CO:  Senior  Business 
Application  Analysts.  Manage 
business  aspects  of  IT  develop¬ 
ment  projects.  Requirements: 
Bachelor's  degree*  in  computer 
science,  mathematics,  statistics, 
accounting  or  business  plus  5 
years  of  experience  in  analyzing 
business  systems  and  developing 
technical  automated  solutions. 
Experience  with  analytical  report¬ 
ing  using  either  Focus,  SAS,  SQL 
or  business  intelligence  tools; 
and  project  or  program  manage¬ 
ment  also  required.  ‘Master's 
degree  in  appropriate  field 
will  offset  2  years  of  general 
experience.  Submit  resumes  to 
Recruitment,  FedEx  Corporate 
Services,  350  Spectrum  Loop, 
Colorado  Springs,  CO  80921. 
EOE  M/F/D/V. 


Software  Engineers: 

Design,  develop,  test  and  imple¬ 
ment  specialized  J2EE  applica¬ 
tions  in  Versata  Logic  Suite  with 
workflow  engine  in  DB2  and 
Websphere  on  Unix  while 
migrating  from  SAP  and  other 
legacy  apps.  Travel  to  Client 
Sites  for  on  site  development. 
U.S.  Workers  only.  Prevailing 
wage/benefits.  Send  resume  to 
Attn:  Vipul  Goel,  NetAppI,  Inc., 
2415  San  Ramon  Valley  Blvd., 
Suite  4140,  San  Ramon,  CA 
94583.  EOE. 


PROGRAMMER  ANALYSTS 
required  for  Louisville,  KY  office. 
Design,  develop  &  maintain  soft¬ 
ware  applications  using  Devel¬ 
oper  2000,  Designer  2000, 
VB,  Oracle,  Cobol,  C++,  Erwin; 
Develop  &  implement  client 
/server  applications  in  oracle 
financials  using  synchronization 
techniques  such  as  PL/SQL, 
Developer  2000  &  designer 
2000:  Perform  system  and  inte¬ 
gration  testing;  Develop  relation¬ 
al  database  system  in  oracle,  VB 
&  Windows,  Unix  environment. 
Bachelors  Degree  or  equivalent 
reqd  in  Computers,  Engineering 
Math  or  any  other  related  field  of 
study  +  2yrs  of  related  exp.  40 
hrs/wk.  Must  have  proof  of  legal 
authority  to  work  permanently  in 
the  U.S.  Send  resume  to  HR 
Manager,  Indacle  Software,  Inc. 
1 303  Clear  Springs  Trace,  #208, 
Louisville.  KY  40223 


Prog/Analysts  to  analyze,  design, 
develop,  test  &  maintain,  appls 
using  C,  C++,  Java,  HTML  Oracle, 
SQL  Server,  Delphi,  COSMOS, 
LISP,  etc.  under  Win  NT/2000, 
UNIX,  vxWorks  OS;  evaluate 
user  requests  for  enhancements 
to  existing  programs  &  creation 
of  new  programs,  determine  tech 
feasibility;  document  program 
dev  process,  logic,  coding,  and 
corrections.  Require:  B.S  or 
foreign  equiv  in  CS/Computer 
Engg  with  2  yrs  ofexp  in  IT.  High 
Salary,  F/T  position.Travel  involved. 
Resume  to:  HR,  Get  Proof,  Inc. 
3050  Royal  Blvd  S„  Ste  195, 
Alpharetta,  GA  30005. 


Programmer  Analyst 
Manh,  NY-  Software/Sys.  Dev. 
firm  seeks  qualified  indiv.  to 
analyze,  develop,  revise,  test,  & 
fine-tune  multimedia  presenta¬ 
tions,  under  supervision,  for 
clients.  Req'd:  BS  in  CompSci  or 
Tech  Field  &  1  yr  exp.  in  the  job 
offered.  Must  have  exp  in  Lingo, 
SQL  &  Install  Script.  Must  know 
Macromedia  Director  Software. 
Pis  send  res  to:  Cynthia  Carnesi, 
Interactive  Edge,  Inc.  18  W.  18th 
Street,  5th  Fl„  NY,  NY  10011 


UNIX  Administrator,  Textile 
Supplies  Company.  Must  have 
Bachelor's  Degree  in  Computer 
Science/related  field  or  equiv., 
and  2  yrs  exp.  in  UNIX  adminis¬ 
tration  in  HA  (MC/ServiceGuard) 
environment.  Maintain  and  ad¬ 
minister  all  technical  equipment, 
operating  systems,  and  applica¬ 
tions  for  mid-range  to  enterprise 
level  systems.  Proficiency  with 
Informix  databases.  Duties  include 
back-up,  recovery,  installation, 
upgrades,  development  support. 
40  hrs/wk,  9AM -6PM.  Competitive 
salary.  Send  resume  to:  National 
Linen  Service,  ATTN:  Danielle 
Strange,  1420  Peachtree  St., 
NE,  Ste.  500,  Atlanta.  GA  30309. 


♦ 


SOFTWARE  ENGINEER  sought 
by  human  services  management 
consulting  firm  in  San  Antonio, 
TX.  Must  possess  Master's  in 
Computer  Science  or  MIS  plus 
3  yrs.  exp.  Respond  by  resume 
only  to:  Corp.  Recruitment 
Manager,  P/Z.  MAXIMUS,  INC., 
11419  Sunset  Hill  Rd.,  Reston, 
VA  20190. 


S/W  Eng:  Design  Windows  and 
Unix  applications  for  streaming 
video  and  video  conferencing 
products  over  Ethernet  and  ATM 
networks  using  C,  C++,  and 
html.  Create  and  apply  DirectX 
/DirectShow  filters.  Create  players 
to  allow  user  to  set  preferences, 
convert  streams  to  different  for¬ 
mats  w.  Windows  media  format 
SDK.  Design  interfaces  with 
COM.  Apply  re  Ad  #4  to  B.  Meehan, 
VbrickSystems  Inc.,  12  Beaumont 
Rd.,  Wallingford,  CT  06492, 
email:  bridgetm@vbrick.com 


Programmer  Analyst.  Develop  & 
tune  web-based  apps  using  various 
s/ware  tools.  Bachelor  degree  in 
CS,  or  equiv,  req'd,  as  is  1  yr  exp 
in  a  P/A  position.  Prior  exp  must 
include  exp  w /  Visual  Basic, 
HTML,  &  ASP.  Competitive 
Salary.  Employer  located  in 
Austin,  TX.  Work  out  of  residence 
&  be  assigned  to  client  sites  in 
Atlanta,  GA.  Resumes  to  S.  Puri, 
Job  #1 629.70,  Business  Software 
Associates,  Inc.,  8140  N.  Mopac, 
Bldg.  1,  Ste.  130,  Austin,  TX 
78759. 


Programmers  &  Developers: 
Design,  develop,  test  and  imple¬ 
ment  specialized  applications 
as  per  custom  specifications  in 
ERWIN,  Oracle  Web  Portal,  Data 
Junction,  Data  Warehousing, 
Datamarts  and  Cognos  Bl.  Pre¬ 
vailing  wage/benefits.  Send  re¬ 
sume  to  Mr.  Chinna  Rao,  Bhargav 
Computer  Consulting  USA,  Inc,, 
42  Read's  Way,  New  Castle 
Corporate  Commons,  New  Castle, 
DEI  9720.  EOE. 


Software  Technology  Applications 
Analyst  (Trumbull,  CT)  Research, 
design,  &  develop  computer  soft¬ 
ware  systems  in  conjunction  w/ 
global  deployment  &  support  of 
e-business  applications.  Req'd: 
Master's  deg.  in  Electric  Eng'g, 
Comp.  Sci.,  or  related  field  &  3 
yrs  exp  as  Software  Engineer  or 
related  occupation.  Must  have 
exp.  w/  Vignette  V6  Content 
Management  Suite,  Oracle  Data¬ 
base  &  Java  Applications  (JDBC, 
RMI,  JavaBeans,  Servlets,  & 
JSP).  Send  Resume  to  General 
Reinsurance  Corporation  @... 
Bayard  Box  #002, 902  Broadway, 
10th  fl„  New  York,  NY  10010. 


Programmer  Analyst  and  Senior 
Programmer  Analyst  sought 
by  S.  Florida  based  company  to 
assist  development  and  mainte¬ 
nance  of  select  business  appli¬ 
cations  using  knowledge  of 
systems  development  life  cycle, 
case  application  development 
methodology  and  project  man¬ 
agement  principles  in  an  Oracle 
Client/Server  and  Web-enabled 
environment  using  Oracle  inter¬ 
net  development  tools.  Respond 
to;  HR  Dept.,  Attn:  Position  Code 
IT1002,  Cross  Country  Homer 
Services,  P.O.  Box  551540,  Ft. 
Lauderdale,  FL  33355-1540 


Software  Engineer.  8a-5p.  40 
hrs/wk.  Dsgn.  dvlp  &  implmt 
s/ware  systms  w/hardware  inter¬ 
face  using  Rational  Rose,  Java. 
Java  Script.  JSP.  XML.  HTML. 
Win  NT.  UNIX.  Educational  req: 
Masters  or  equiv  in  Comp  Sci 
/Engg.  Info  Systms/Technology. 
Electrical/Electronics  Engg  or 
related  field.  In  lieu  of  Masters, 
Bach  in  specified  majors  &  5 
yrs  of  progressive  work  exp  as 
Systems/Prgmr  Analyst  accepted. 
Resume:  Growmore,  Inc.,  941 
■O*  St„  Ste  724,  Lincoln.  NE 
68508. 


Sagarsoft,  Inc  is  seeking  com¬ 
puter  professionals  to  work  at 
various  locations  throughout 
the  US.  We  have  openings 
for  several  positions  including 
Software  Engineers.  Programmer 
Analysts,  Quality  Assurance 
Engineers,  DBA's,  Project 
Managers,  and  Systems  Admin¬ 
istrators.  We  are  seeking  applicants 
with  the  following  skills:  Sybase, 
Oracle,  C++,  VC++,  Pro*C,  FoxPro. 
SAS,  business  objects  among 
others.  Apply  to:  Sagarsoft. 
Inc,  78  Eastern  Boulevard, 
Glastonbury,  CT  06033 


Sr.  Software  Developer,  Newark, 
CA:  Skills  required  OS  (Tandem 
Mainframe);  Win  NT/OO/XP, 
Unix/Solaris,  ASP,  JSP.  Java 
Script,  VBScript,  HTML,  C,  C++, 
SQL,  IIS  4.0;  Web  Logic,  MS 
SQL  Server  6.5;  Oracle  & 
Ingress;  Comp  Sal  +  benefits;  BS 
in  CS/related  area  with  3  yrs  exp 
of  which  2  yrs  shall  be  w/in  the 
last  3  yrs;  Mail  resume  to  P.O. 
Box  176,  Newark,  CA  94560. 


Database  Data  Warehouse 
Developer/Administrator  needed 
to  develop  and  manage  the  data 
warehouse  system  and  web 
applications  for  the  Institutional 
Research  Office,  Kean  University. 
MS  in  CS.  CIS,  MIS  or  related 
field  required,  with  three  years 
experience  (pre-  or  post-MS)  in 
database  programming.  At  least 
one  year  must  include  creation 
of  dynamic  websites,  and  statis¬ 
tical  analysis  in  a  higher  education 
institution  environment  using 
SQL  Server  DTS,  ASP,  SPSS 
script  and  Colleague  Uniquery. 
Send  resume  to  T123,  Kean 
University,  1000  Morris  Ave., 
Union,  NJ  07083. 


Software  Engineers  needed  for 
NJ  IT  Co  to  analyze,  dsgn,  code, 
test  &  implmt  telecom  s/ware. 
Apply  to  Global  Consultants,  601 
Jefferson  Rd,  Parsippany.  NJ 
07054. 


IT 


where  the  best  get  better 

1-800-762  2977 


Become  a  lllicrosoft  Windows  2000  Security  Expert. 

It’s  easy.  Just  point  click  and  choose  the  format  that  works  best  for  you: 
•CD-ROm  •U!eb-Based  ‘Hands-On  •Uirtual  Classroom 

Uisit  lletSmart  today  at  www.nwnetsmart.com 
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documents.  And  it  finally  might 
be  a  feature  set  that  would  spur 
Office  upgrades,  which  have 
been  stagnant  over  the  past  years. 

The  addition  of  XML  support 
was  the  highlight  last  week  in  the 
introduction  of  the  first  beta  ver¬ 
sion  of  Office  11.  The  support 
means  Microsoft  finally  is  begin¬ 
ning  to  detail  how  Office,  which 
has  nearly  95%  of  the  desktop 
productivity  suite  market,  fits  into 
the  client  side  of  .Net,  Microsoft’s 
nebulous  strategy  for  building 
and  deploying  distributed  appli¬ 
cations  based  on  Web  services. 

In  addition,  Office  1 1  includes 
technology  to  tie  its  applications 
into  collaboration  and  instant¬ 
messaging  services  key  to  .Net 
that  are  being  added  to  the  oper¬ 
ating  system. 

“XML  is  beautiful,”  says  Francis 
Blay  a  Microsoft  Exchange  ad¬ 
ministrator  for  RWD  Technol¬ 
ogies,  a  consulting  company 
focused  on  enterprise  system 
integration,  manufacturing  and 
e-learning  software.  “If  you  save 
something  in  XML  it  is  ready  to 
plug  into  any  system.  It  gets  your 


Data  collector 

Microsoft  is  providing  support  for  XML  file  formats  in 
Office  11,  which  means  users  can  import  and  export 
data  to  any  number  of  systems. 


9*  t*  •**» 


r 


ra  . r.c-.. 


ISjT 


Fourth  Coffee:  Company  Report 

f&'rin  op  tad  on«S  <U«  coffee  -  Fevnfc  Coffet  it  rw'iin  Th<  Wl  »l  tp*dt/T\  cert"  t+UItt  ftneTh  Coffee 
rpnttn  5.400  itetM  in  •  v«i«y  «f  <«««*  •upe*  ikbmmU 

to  mrtt  rhtm  '0  craeddee  Fcrork  Coffee  coffee  (trade*  ted  beau  putiin.  tad  eefcei 

it4^f'  (it|n  u«dlMn|i  reffeeHikm  coffee  ftwidai  Md  tfre««e  ceeitueen  Tke  cueepeev  %le.' 
Mti  ra  traj  to  MMittii,  Stanm  Mm  tad  lad  i>  effwt  md  ] 


GB 


fid  UrPwce 

JtH 

H  WMk 

J!W 

SI***  low 

««* 

VaMme 

A  f1>eV 

121  Ml 

1*1  V)  C**y  Uewng 

»n 

JSC  C-e,  Uv.e*$ 

tJ  M 

vtmrar,  •*«*»■ 

12 

m 


IVwUove'** 

B 


Users  can  pull  in 
XML  data  from 
any  third-party 
source  into  a 
Smart  Document 
pane  inWord. 
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Users  simply  check  off  what 
data  they  want  added  to  their 
documents. 


data  ready  to  use  anywhere  in  the 
enterprise.”  Blay  also  says  integra¬ 
tion  between  Office  and  collabo¬ 
ration  features  being  added  in 
Windows  .Net  Server  could  elimi¬ 
nate  the  need  for  multiple  clients. 

“If  we  can  tie  our  conferencing 
and  collaboration  into  Office 
then  users  don’t  have  to  go  to  a 
third-party  client,”  he  says. 


None  of  those  possibilities  is 
around  the  corner  but  Microsoft 
must  begin  moving  in  that  direc¬ 
tion,  experts  say 
“This  is  about  the  idea  that 
Office  is  a  smart  client  around 
.Net,”  says  Simon  Marks,  product 
manager  for  Office.  “It’s  about 
Office  as  the  interface  to  a  lot  of 
other  functionality  It’s  more  about 


Start-ups  key  in  on  Web  services 


■  BY  JOHN  FONTANA 

Two  start-ups  last  week  intro¬ 
duced  products  that  should 
help  corporate  customers  mon¬ 
itor  and  manage  Web  services 
environments. 

Confluent  Software  rolled  out 
three  products  designed  to  help 
corporations  integrate,  manage 
and  monitor  distributed  appli¬ 
cations  built  with  Web  services. 
Meanwhile,  Mindreef  will  intro¬ 
duce  SOAPScope,  its  diagnostic 
tool  that  monitors  Web  services 
traffic,  much  like  today’s  net¬ 
work  monitors,  and  pinpoints 
problems. 

Both  companies  are  driven  by 
the  fact  that  most  of  the  Web  ser¬ 
vices  hype  has  focused  on  inte¬ 
gration  and  not  on  the  security 
and  management  shortcomings 
of  the  technology. 

"Web  services  may  be  great  for 
integrating  systems, but  they  don’t 
do  anything  to  manage  all  the 
connections  you  will  have,”  says 
Brent  Sleeper,  principal  and  co¬ 
founder  of  The  Stencil  Group 
onsultancy. Sleeper  says  Web  ser- 
ices  with  its  loosely  coupled 
nponents  could  result  in  dis¬ 


tributed  applications  that  have 
anywhere  from  one  to  1 ,000  con¬ 
nections  across  the  network. 

Confluent  says  it  hopes  to  ad¬ 
dress  this  issue  with  its  Core  Web 
Service  Integration  and  Manage 
ment  Platform,  which  is  made  up 
of  three  modules  —  Integrator, 
Manager  and  Analyzer. 

“With  Core, we  are  mapping  net¬ 
working  into  a  Web  services  con¬ 
text,”  says  Rajiv  Gupta,  Confluent’s 
co-founder.  Gupta,  who  helped 
pioneer  Web  services  as  the  gen¬ 
eral  manager  of  Hewlett-Pack¬ 
ard’s  failed  eSpeak  Web  services 
platform,  says  he  is  putting  what 
he  learned  to  work.  “The  scar  tis¬ 
sue  has  been  helpful,”  he  says. 

The  modules,  which  start  at 
$50,000,  run  as  applications  on  a 
variety  of  Web  Application  Ser¬ 
vers  including  BEA  Systems’ Web- 
Logic,  IBM’s  WebSphere,  Micro¬ 
soft’s  .Net,  Sun’s  Sun  One  and 
open  source  Apache  Tomcat. 

•  Integrator  is  a  traffic  cop.  It’s  a 
proxy  between  distributed  Web 
services,  and  defines  and  en¬ 
forces  policies  that  control  their 
interaction.  Integrator  also  logs 
activity,  provides  quality-of-service 
routing  and  acts  as  a  translator. 


•  Manager  extracts  information 
from  Integrator  into  a  console  of 
gauges  that  monitor  uptime/ 
downtime,  performance  levels 
and  security  violations.  It  exam¬ 
ines  the  headers  of  XML  mes¬ 
sages  based  on  Simple  Object 
Access  Protocol  (SOAP)  and 
tracks  their  behavior. 

•  Analyzer  is  for  business  exec¬ 
utives.  It  looks  into  the  payload  of 
SOAP  messages  and  extracts  busi¬ 
ness  information,  such  as  buying 
patterns.  Analyzer  also  can  gener¬ 
ate  alerts  based  on  pre-config- 
ured  performance  thresholds 
and  produce  activity  reports. 

Mindreef  also  is  targeting  SOAP 
traffic  with  its  SOAPScope.  The 
tool  captures  SOAP  messages 
from  a  network,  and  stores  and 
analyzes  them  as  a  means  toward 
tracking  down  interoperability 
problems  between  Web  services 
applications. 

“We  are  debugging  the  message 
traffic  in  Web  services  applica¬ 
tions,"  says  Jim  Moskun,  who  co¬ 
founded  the  company  last  year. 

Mindreef  initially  is  releasing  a 
developer’s  version  for  $99.  An 
enterprise  version  is  expected 
early  next  year.  ■ 


Office  as  a  client/server  inter¬ 
face  and  less  about  individual 
applications.” 

But  make  no  mistake,  it’s 
also  about  reviving  interest  in 
Office,  whose  new  feature  sets 
over  the  past  few  years  have  not 
created  an  upgrade 
stampede  among 
corporations. 

“They  really  need  to 
reshape  Office  to  get 
users  to  adopt  an¬ 
other  upgrade,”  says 

- z  Dana  Gardner,  an 

analyst  with  Aber¬ 
deen  Group.“Office  1 1  really  is  a 
shell  to  the  .Net  framework.” 

And  Gardner  says  Microsoft 
also  will  use  that  shell  to  entice 
independent  software  develop¬ 
ers  to  the  .Net  platform.“lt’s  a  real 
sugarplum  Microsoft  is  dangling 
to  [independent  software  ven¬ 
dors]  .  They  adopt  the  .Net  plat¬ 
form  and  Microsoft  gives  them 
entree  to  Office.”  Microsoft  last 
week  announced  an  alliance 
with  Siebel  Systems  to  more 
closely  tie  Siebel’s  line-of-business 
applications  to  .Net  and  Office. 

With  Office  11,  Microsoft  is  ad¬ 
ding  a  feature  called  Smart  Doc¬ 
uments,  which  allow  users  to 
pull  data  from  XML  sources  and 
insert  it  into  documents.  Micro¬ 
soft  also  is  developing  an  Office 
companion  called  XDocs,  which 
has  been  loosely  defined  as  a 
forms  technology  for  data  input. 
Office  11  will  have  a  research 
feature  that  lets  users  search 
XML  data  on  the  Web  or  in  cor¬ 
porate  repositories. 

That  feature  complements  XML 
support  in  SQL  Server  today  and 
the  forthcoming  Yukon  version  of 
SQL  Server  that  will  form  the 
basis  of  a  universal  file  system 
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for  Windows. 

Office  1 1  also  adds  Document 
Workspaces,  an  ad  hoc  docu¬ 
ment  collaboration  feature  based 
on  the  company’s  software  for 
creating  team  workspaces  called 
ShareFbint  Team  Services,  which 
is  being  added  to  Windows  .Net 
Server.  Another  feature,  Meeting 
Workplaces,  is  built  on  the  same 
technology  and  provides  tools  for 
managing  meetings  and  captur¬ 
ing  data.  Both  workspaces  will 
depend  heavily  on  instant-mes¬ 
saging  technology  that  also  is 
being  added  to  the  next  version 
of  the  operating  system. 

“It  was  inevitable  that  Microsoft 
had  to  create  a  way  to  have  an 
interface  on  the  desktop  for 
humans  to  interact  with  Web  ser¬ 
vices  so  they  could  create  and 
modify  data,”  says  Paul  DeGroot, 
an  analyst  with  Directions  on 
Microsoft,  a  research  firm.  He  says 
Microsoft  has  been  inching  in  that 
direction,  but  “the  thrust  in  Office 
1 1  is  quite  an  important  extension 
in  Web  services  development.” 

While  the  move  to  support  XML 
might  have  been  inevitable,  ex¬ 
perts  say  Microsoft  is  taking  a  risk 
by  opening  the  door  to  vendors 
that  might  build  a  better  Office. 

“If  you  allow  users  to  save  doc¬ 
uments  as  XML,  it  unleashes  the 
lock  Microsoft  has  on  the  desk¬ 
top,”  says  Ted  Schadler.an  analyst 
with  Forrester  Research. 

He  says  it  leaves  an  opportuni¬ 
ty  for  others  such  as  IBM  or 
Oracle  to  provide  back-end 
alternatives  to  Microsoft  servers 
that  could  feed  data  to  Office 
applications.* 
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ast  week  I  was  lamenting  the 
“anything  goes” sensibility  of  to¬ 
days  online  marketing  (www. 
nwfusion.com,  DocFinder:  2850). 

As  evidence,  I  cited  a  lewd  ad  for 
Lynx  body  spray  that  is  delivered 
using  technology  from  a  firm  called  EyeWonder. 

Reader  Rob  Davies  wrote: “The  Unilever  Lynx 
body  spray  ad  actually  plays  on  U.K.  broadcast  TV 
and  Satellite  channels.The  issue  here  is  the  Inter¬ 
net  erases  all  country  boundaries,  and  so  content 
is  accessible  to  consumers  in  a  region  where  the 
government  may  have  decided  that  it’s  inappropri¬ 
ate  for  them  to  see  as  local  content.” 

Davies  raises  the  interesting  issue  of  censorship 
and  the  ’Nets  role  in  circumventing  the  uncomfor¬ 
table  reality  of  our  elected  representatives  being  able 
to  tell  us  what  we  can  and  cannot  read  and  watch. 

And  when  you  think  about  it,  the  fact  that  we 
(the  people)  have  accepted  censorship  of  televi¬ 
sion  and  radio  without  much  more  than  a  mutter 
it  is  extraordinary. Try  to  take  away  our  guns  and 
we  are  outraged, yet  take  away  our  media  and  we 
shrug. This  says  something  profound  about  our  per¬ 
spective  and  priorities. 

It  is  curious  that  something  as  apparently  ephem¬ 
eral  as  the  Internet  has  emerged  as  such  a  profound 
agent  of  cultural  change.  But  while  that  change 


might  appear  in  the  balance  to  be  to  the  good,  the 
trend  of  Internet  society  is  apparently  toward  the 
lowest  common  denominator.  We  are  creating  an 
online  pop  culture  that  is  bigger  and  more  influen¬ 
tial  than  offline  pop  culture. 

Of  course,  how  could  it  be  otherwise?  The  eco¬ 
nomics  of  the  ’Net  are  such  that  it  is  no  longer  the 
sole  province  of  the  priests  of  technology  or  a  rich 
man’s  playground.  It  is  open  to  all  and  sundry 

The  ’Net  connects  anyone  to  anyone  who  wants  to 
be  connected  and,  because  anonymity  and  the 
adoption  of  a  new  persona  is  relatively  easy  the  nor¬ 
mal  constraints  vanish,  leaving  a  social  environment 
where  normal  standards  can  be  jettisoned  without 
much  risk  of  consequence. 

What  we’re  seeing  online  is  that  the  social  context 
has  changed  because  pop  culture  —  the  culture 
that  defines  our  society  —  online  is  distinctly  differ¬ 
ent  from  and  becoming  more  influential  than  its 
real-world  counterpart. 

To  begin  with,  ideas  online  move  faster  and  are  not 
driven  by  the  media  as  much  or  in  the  same  way  as 
offline. What  was  a  culture-shaping  offline  pop  meme 
yesterday  is  not  remembered  online  as  more  than  a 
retro  echo  of  fashion,  of  what  used  to  be  cool. 

This  represents  a  profound  change  in  the  public 
way  opinion  is  developed  in  the  market.This  change 
is  already  driving  advertisers  to  rethink  their  mes¬ 


sages  and  methodologies,  which  explains  the  rise  of 
some  of  the  online  practices  we  loathe, such  as 
spamming  and  pop-ups. 

Reader  Kate  Lowman  wrote: “The  Internet  has 
gone  from  1999-2000  when  you  could  do  anything 
and  make  a  buck,  to  the  2002  version  where  you  bet¬ 
ter  be  willing  to  ‘do  anything’  to  make  a  buck.” 

Let  me  make  a  prediction  here:  Over  the  next  year, 
watch  as  the  use  of  sex  as  an  online  selling  tool 
explodes.There  will  be  a  consequent  backlash  from 
the  conservative  side  of  our  society  and  the  potential 
for  reflexive  and  therefore  inappropriate  legislation 
will  skyrocket,  thus  legislation  for  control  of  online 
content  will  become  a  hot  political  issue.  And  this 
already  is  happening.  Last  week  1  quoted  the  CEO  of 
EyeWonder  who  said:“The  Internet  allows  you  to 
communicate  more  precisely  to  a  demographic  you 
want  to  reach  without  having  to  worry  about  Susie, 
who  is  6  years  old, seeing  it. You  can  appeal  to  John, 
who  is  22  . . .  with  more  creative  license.” 

Reader  Andrew  Stodart  responds, “As  an  industry 
we  need  to  raise  our  heads  from  the  murky  depths 
of  the  latest  technology  and  look  at  what  has  been 
created  over  the  last  30  years.  Can  we  really  say  we 
have  no  responsibility  to  6-year-old  Susie  or  even 
22-year-old  John?” 

Your  thoughts  to  backspin@gibbs.com. 


uzz  News,  insights,  opinions  and  oddities 


By  Paul  McNamara 

Rotten  politics  in  the  Big  Apple 

When  the  late  Speaker  of  the  House  Thomas  P. 
"Tip"  O'Neill  uttered  his  famous  line  about  all  poli¬ 
tics  being  local,  he  wasn't  saying  that’s  always  a 
good  thing. 

It  certainly  was  not  in  New  York  last  week, 
as  evidenced  by  the  parochial  political  uproar 
over  —  strangely  enough  —  an  evolving  network 

disaster-recovery  plan. 

As  my  colleague  Ellen  Messmer  reported  Oct.  21,  a  quartet  of  regulatory  agen¬ 
cies  led  by  the  Federal  Reserve  has  drafted  a  blueprint  designed  to  assure  that 
any  future  catastrophic  terrorist  assault  does  not  put  the  nation's  financial  capital 
out  of  business  for  as  long  as  the  last  one  did.  Wall  Street  trading  was  halted  for  a 
week  after  Sept.  11,  and,  according  to  the  movers  behind  this  initiative,  back-up 
plans  and  facilities  proved  woefully  inadequate  throughout  the  financial  district. 

Among  the  corrective  measures  being  proposed  is  that  central  and  back-up  facili¬ 
ties  for  the  most  important  financial  institutions  be  separated  by  at  least  200  miles. 
The  thinking  is  that  only  such  separation  will  provide  the  necessary  assurance  that 
an  attack  will  not  disable  both  locations. 

After  the  New  York  press  caught  wind  of  this  suggestion  last  week,  howls  of 
anguish  erupted  from  New  York  Gov.  George  Pataki,  New  York  City  Mayor  Michael 
Bloomberg  and  the  city's  Chamber  of  Commerce. 

The  reason  is  the  prospect  of  lost  jobs  and  a  diminished  tax  base.  Pataki,  Bloom¬ 
berg  and  the  Chamber  cheerleaders  are  apparently  convinced  that  this  regulatory 
mandate,  should  it  come  to  pass,  will  decimate  the  already-depleted  employment 
rolls  within  New  York's  financial  district.  They  even  ginned  up  an  estimate  of  the  eco¬ 
nomic  carnage:  25%  of  155,000  jobs.  (Rule  of  thumb  when  dealing  with  politicians: 


Divide  such  "estimates"  by  at  least  five  ...  10  to  be  safe.) 

"It’s  a  horrible,  horrible  concept,"  Pataki  told  New  York's  Daily  News. 

How  horribly  horrible?  Well,  the  governor  says,  the  requirement  will  not  only  drive 
these  jobs  out  of  New  York  City  but  clear  out  of  the  country _ It's  not  clear  why. 

"We  all  want  to  make  sure  we  have  back-up  facilities,"  Bloomberg  harrumphed. 
“But  splitting  a  company  into  two  parts  and  moving  one  300  miles  away  is,  No.  1,  giv¬ 
ing  in  to  the  terrorists,  and  No.  2,  it  just  doesn’t  work." 

Giving  in  to  the  terrorists?  I  suppose  you  could  make  the  same  argument  about 
extra  security  screenings  at  the  airport ...  if  you  want  to  be  the  butt  of  late-night 
jokes  by  Leno  and  Letterman. 

Let’s  be  clear  here.  I  wouldn't  pretend  to  tell  anyone  whether  the  optimum  separa¬ 
tion  between  primary  and  back-up  banking  facilities  should  be  200  miles  or  200 
yards. 

But  I  do  know  this  much:  That  calculation  has  absolutely  nothing  to  do  with  New 
York  City’s  tax  base  or  unemployment  rate. 

On  the  one  hand,  it's  truly  remarkable  that  these  political  and  business  leaders 
would  place  a  purely  parochial  issue  on  a  par  with  a  truly  national  (if  not  global) 
imperative:  protecting  the  network  infrastructure  that  supports  this  country's  finan¬ 
cial  system. 

On  the  other  hand,  of  course,  this  is  what  politicians  do  for  a  living. 

The  good  news  is  that  in  theory,  at  least,  the  Federal  Reserve  and  its  regulatory 
partners  in  this  endeavor  —  which  includes  the  New  York  State  Banking 
Department  —  are  supposed  to  toil  above  political  fray. 

Let's  hope  so.  For  it  would  truly  be  a  sad  commentary  on  our  leaders  and  our  prior¬ 
ities  if  the  regulators  bow  to  the  pressure  being  applied  by  these  myopic  special 
interests. 

Got  something  to  say  about  this  New  York  state  of  mind?  The  address  is 
buzz@nww.com. 
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